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“®RISK-E BUSINESS 


Companies know e-business has risks, but they’re 
only beginning to find ways to measure them. Page 34 
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It’s been a year since the crippling cyber- 
assaults on Yahoo, Amazon and eBay that were 
launched from software agents planted by hackers 
in many of the nation’s unsecured university com- 
puters. Deborah Radcliff finds that the academic 
systems are still hacker playgrounds, though 


there’s an effort under way to get universities to 
clean up their acts. 
Story is on page 17. 
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| Sun 
| week embraced the use of Java | 


FEBRUARY 


> GOING OFFSHORE — KEEP IT SIMPLE 


Scanning foreign shores for labor? You'll 
“> find both benefits and drawbacks. Page 44 


As suppliers consolidate systems to keep up with or- 
ders via the Web, some little guys are holdouts. Page 8 
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SUN JOINS JAUNT 
TO WEB SERVICES 


But as with Microsoft’s 


Net, two-year 


strategy not quick enough for some users 


BY LEE COPELAND GLADWIN 


AN FRAN 


Microsystems Inc. 


and XML 
smart Web services, 


for what it called 


| structure initiative that it will 


roll out over the next two years | 
and that will compete with the | 


-Net Web services of 


| rival Microsoft Corp. 


| One 


Sun’s initiative, Sun 
Net Environ- 


ment, could lead to 


| quicker adoption and 


more widespread use 


| of the standards that 


| enable 
| because Sun’s view is 
| similar to that of IBM 


Web services, 


and Microsoft, said 


| ner Group Inc. 
last | 


an infra- | 


INSUREPOINT 

CTO Tom Winn is 
exploiting distrib- 
uted architecture. 


Yefim Natis, an analyst at Gart- 
in Stamford, 
Conn. 

But Natis estimates that the 
top 20% of companies have al- 
ready begun to exploit the dis- 
tributed architecture that Web 
services require — on their 
They're implementing 

these services to deliv- 

er Web content to mo- 
bile devices and to re- 
purpose complex ap- 
plication functionality. 

Take  InsurePoint. 
The Cincinnati-based 
insurance broker of- 
fers Web services in 
the form of online rate 
quotes to corporate 
clients. Instead 


Own. 


of 





EMPLOYERS PUSH IT IN HEALTH CARE 


Coalition seeks higher 


BY JULEKHA DASH 
| If companies such as GM and 


| Eastman Kodak have their way, | 


IT will help hospitals save lives. 
Some of the nation’s largest 


| employers, including General 
| Motors Corp., Eastman Kodak 


| 500 companies, 


The Dow Chemical Co. 
about 60 other Fortune 
are trying to 


Co., 
and 


| establish patient safety stan- 


| dards. 


| based 


| preventable medical errors and 
| thereby slash health care costs. 


Certain technologies, 
as computer physician order 


entry systems, can reduce seri- | 
ous medication errors by more | 


such | 


| than half, according to a study 
| released in November by Dart- 
accuracy for insured | 
| frog will survey hospitals to 
| see if they employ such sys- 


mouth Medical School. Leap- 


tems or software designed to 
Health Care, page 73 





DOMAIN AGENCY 


BLASTED ON HILL 


The goal of The Leap- | Lawmakers say ICANN 
frog Group, the Washington- | 
consortium the compa- | 
| nies have formed, is to reduce | 


should change its ways 


BY PATRICK THIBODEAU 
WASHINGTON 


Members of the U.S. House of 


Representatives last week ad- | 


monished the organization re- 
sponsible for managing the In- 
ternet domain name system. 


They 


building its own quote engine, 
www.insurepoint.com uses re- 
mote HTTP requests and XMI 
to tap into the rate system of its 
New York-based At- 
Mutual Cos. The Web 
automatically ticks off 
Web Services, page 16 


WIRELESS LAN 
SECURITY FLAWED 


Report: Systems have 
several vulnerabilities 


parent, 
lantic 
service 





BY BOB BREWIN 
Computer security specialists 
at the University of California, 
Berkeley, sounded new alarms 
last week about the security 
vulnerabilities of wireless 
LANs. But network managers 
said they’re aware of problems 
with the technology and are 
beefing up their defenses in re- 
sponse. 

The Internet Security, Appli- 
cations, Authentication and 
Cryptography research group 
at Berkeley said in a report 
posted on its Web site (www. 
isaac.cs.berkeley.edu) on Feb. 2 
that it had “discovered a num- 

Wireless LANs, page 16 


charged that the 
profit group has strayed from 
its technical standards mission 
and moved to become an all- 
powerful and out-of-control 
policy-making body. 

But while many warning 
shots were fired at a hearing 
held by a House subcommittee 
on last fall’s selection of seven 
new top-level domains, mem- 
bers of the panel asked for the 
reform — and not the disman- 
tling — of the Internet Corpo- 
ration for Assigned Names and 
Domains, page 16 
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Are you confident that your current Web-hosting solution can handle your business growth? Don’t pay to be squeezed 


on to a cramped shared Web-hosting server. Team up with Dell;“an E-Commerce leader. With dedicated Web-hosting 


services starting at only $199 per month, we'll base your network on its own dedicated Dell PowerEdge™ or PowerApp 


server, featuring Intel® Pentium® lil processors, which is monitored 24x7. It’s scalable and flexible enough to reconfigure 


as your business needs grow. In other words, perfect 


DellHost™ D-2950 

Dell” PowerApp.web™ 100 Server Appliance 

Intel® Pentium® Ill Processor at 600MHz 

64MB SDRAM; 1X 9GB’, 7.2K SCSI HD 

2X 10/100 Embedded NICs 

Red Hat® Linux” 6.2 OS 

Dedicated 21GB Monthly Transfer (Metered) 
NetObjects" Site Design Software - No Added Charge 
1-Yr VerticalNet® Storefront to Qualified Customers 
($9400 Value) 


$ 1I99imo. 


8 Add Traffic Analysis and Tools, Starting at $9.95/mo 


DellHost™ D-3200 
Dell” PowerEdge™ 2450 Server 


Intel® Pentium® Ill Processors at 933MHz with 256K Cache 


512MB SDRAM; 2X 9GB*, 10K SCSI HD 
Redundant Power; 2X 10/100 Embedded NICs 
Red Hat* Linux™ 6.2 OS; Single-channel RAID1 
Dedicated 21GB Monthly Transfer (Metered 
1-Yr VerticalNet* Storefront to Qualified Customers 
($9400 Value) 

8 99.9% Uptime Guarantee”; 7x24 Phone Tech Support 


$549 imo. 


= Add Weekly Back-up for $75/mo. plus $150 Setup Fee 


DellHost™ D-3000 
® Dell PowerApp™ 1550 Server Appliance 
Intel® Pentium® Ill Processor at 650MHz with 256K 
64MB SDRAM; 2X 9GB’, 7.2K SCSI HD 
2X 10/100 Embedded NICs 
Red Hat® Linux” 6.2 OS 
Dedicated 21GB Monthly Transfer (Metered 
1-Yr VerticalNet® Storefront to Qualified Customers 


$9400 Value) 


$299 imo. 


® Add Weekly Back-up for $75/mo. plus $150 Setup Fee 
8 Add Site Tools and Analysis, Starting at $9.95/m 


One-Stop Shop for Your Website Needs 
8 1-Yr Domain Name Registration from 
Network Solutions ($25 Value) 
Professionally Designed 3-page Website 
from Dell™ Design Services ($389 Value 
1 Year of Shared Hosting ($215 Value 
100MB Storage 
5GB Transfer Rate 


$ 399 for kit 


or | 888.906.3355 | wwwDE 





CO Being the best in your business, you've already 


got enough excitement without surprises from your 
information systems. So Fujitsu Technology Solutions 
has designed robust open systems solutions that you can 
trust. Our enterprise-class PRIMEPOWER, Solaris 

SPARC“compliant, Web-enabling servers and storage 
systems deliver industry-leading flexibility, resilience, 


reliability, and availability. As well as the peace of mind 


FUJITSU TECHNOLOGY SOLUTIONS 
HELPS YOU BUILD A WORLD YOU CAN RELY ON. 


that comes from a low total cost of ownership. Our data 
center perspective shows in the quality of our products 
and solutions. With innovative architecture, hot-swap 
components, and built-in SANs, you'll feel totally at 


ease. Our powerful servers and storage systems are 





the engine that can power today's e-business boom. 


Count on it. Enjoy the advantages. And learn to trust. 


co 
FUJITSU 


THE POSSIBILITIES ARE INFINITE 


FUJITSU TECHNOLOGY SOLUTIONS 
SUNNYVALE, CA 1-877-905-3644 
www.fujitsu-technology.com 





~ 


LESSONS 
FROM THE LAB 


David Cooper, the CIO at 
Lawrence Livermore National 
Lab, runs the hottest information 
system on the planet. But his 

| insights into IT are down to earth 
and useful to any manager. 
Page 56 


OLOW AND STEADY 
COULD WIN THE RACE 


For years, the giants of corporate America 
were dismissed as too-slow tor- 
toises for the New Economy. 


But now, as the quicker, 
harelike start-ups be- 


gin to wear them- 
selves out, the gi- 
ants have risen 
again and are 
picking up the 
pace. Page 42 
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NEWS 


6 AMADEUS PLANS to post 
train schedules beside infor- 
mation about airfare between 
cities. What does this mean for 
the travel industry? 


PEGASUS REPLACES its 
ASCII file system with a new 
one based on XML, which 
could have a big impact on 
travel-related businesses. 


A NEW STANDARD intena- 


ed to facilitate B2B exchange of 


consumer data faces big prob- 
lems with the FTC — and with 
users. 


B2B MARKET SHIFTS 

as vendors focus on suppliers 
who now have to find ways of 
handling a glut of buyers. 


THE HART-RUDMAN 


Commission recommends the 
formation of an agency to over- 
see national cyberdefenses. 


ORACLE ANNOUNCES 

the latest, revved up version 
of its Oracle9iAS app server, 
touting enhancements in busi- 
ness intelligence and wireless 
technologies. 


FLEETBOSTON PLANS to 
merge its online broker, Sure- 
trade, into its Quick & Reilly 
unit, joining the movement 
away from Net pure-plays in 
the securities industry. 


MORE 

Editorial/ Letters 
How to Contact CW 
Shark ‘Tank 
Company Index 


32 


32 


FEBRUARY 


Q BUSINESS = @ 


FTC APPROVES self-regula- 


tory guidelines for protecting 
children’s privacy online. 


IT LAWYER OFFERS advice 
for companies looking to sue 
vendors for failed technology 
projects. 

WORKSTYLES 

SEE’S CANDIES’ IT staffers 
work hard to handle the Valen- 
tine’s Day rush. Find out more 
about life at the candy maker. 


IT PROS DON'T HAVE TO 
live like nomads if they work 
for companies that give them 
room to grow. 


EXPERTS OFFER ADVICE 


on how much to pay in bonus- 
es to members of IT teams. 


U.S. FIRMS RUSH to set up 
shop abroad, but they should 
slow down and weigh the pros 
and cons. 

QUICKSTUDY 
E-MARKETPLACES CUT 
costs, time and waste for firms, 
but they also pose challenges. 


OPINIONS 


26 


MARK HALL says Microsoft 
is trying to solve its operating 
system proliferation problem 
through Active Directory. But 
users aren’t buying it. 


PIMM FOX writes that Ariba’s 
acquisition of Agile Software 
may be the first link in a chain 
of events that will push busi- 
ness-to-business consolidation. 


50 


HACK OF THE MONTH 
YOU CAN AVOID sticky 
problems related to BIND, the 
“glue” of the Web. Just follow 
Deborah Radcliff’s advice. 
SECURITY JOURNAL 

JUDE SAYS GOODBYE ana 
offers parting advice about dis- 
aster planning. 

HANDS ON 

UTILITY SUITES CAN pre- 
vent the blue screen of death 
when used properly, says our 
reviewer. 

FUTURE WATCH 

PEN AND PAPER MOVE 
into the future with Anoto’s 
new system for recording and 
transmitting information. 
QUICKSTUDY 

ARTIFICIAL NEURAL net- 
works are computers organized 
like your brain, and they can 
solve problems other comput- 
ers can’t. 

EMERGING COMPANIES 
IWORK PIONEERS supply- 
chain workflow software for 
manufacturers. 

ALLAN E. ALTER p biaithere 
that the top priorities for IT’s 
next 50 years will be economic 
growth and the environment. 


DAVID FOOTE writes that 
more companies are putting 
stock in their workers’ “emo- 
tional intelligence.” 


THORNTON MAY urges 
executives to slash and burn 
old, stale thoughts that hamper 
innovation. 


| 


4 





ONLINE 


Diversity doesn't 
just mean equali 
ty of gender ora 
range of ethnic 
groups. Gartner 
Group’s Barbara 
Gomolski writes 
that many com 
panies’ biggest 
diversity challenge is age. 
www.computerworld.com/careers 


In the latest installment of the 
E-Commerce Chronicles, Computer- 
world’s intrepid shopper tries to buy 
components for an at-home wireless 
network. It wasn't easy. 
www.computerworld.com 
ecommerce 


For the latest in security news, opin 
ions, analysis and interactive discus 
sions, head to the Security Watch 
Community. 
www.computerworld.com/Aecurity 


PETER G. W. KEEN ciaims 
storage hardware is becoming 
the single most important ele- 
ment of e-business innovation. 


JOE AUER says there’s a 
right way for IT organizations 
to create shortlists of potential 
vendors. 


FRANK HAYES offers two 
words of advice for Egghead 
about its storage of old cus- 
tomer data: Dump it. 


AA Aetolasleleid-lauVelaleMetelag) 
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Administrators Warn 
Of Viral Valentines 


E-mail administrators have advised 
employees to send valentines the 
old-fashioned way - by mail. That's 
because of a malicious Italian- 
language variant of the “I Love You” 
virus that’s making the rounds, as 
well as the risk of overloaded net- 
works due to the proliferation of 


electronic greetings this year. 
aa 





ators are advising 
users not to open attachments, 
even from friends and relatives, 
unless it’s known what the attach- 
ments contain. 








Congress May Extend 
Net Tax Moratorium 


The soon-to-expire Internet tax 
moratorium, which prohibits any 
new or discriminatory taxes on 
e-commerce transactions, would be 
extended five years, to 2006, under 
bills introduced in Congress last 
week by Sen. Ron Wyden (D-Ore.) 
and Rep. Christopher Cox (R-Calif.) 
The current three-year moratorium 
expires in October. 


Amazon to Close 
Office in Netherlands 


Amazon.com Inc. said it plans to 
close a customer service center in 
the Netherlands and fold that site’s 
operations into other facilities in 
the U.K. and Germany. The Euro- 
pean consolidation follows the 
Seattle-based online retailer's an- 
nouncement late last month of 
planned layoffs and facility closings 
in the U.S. 








Corrections 


An article titled “Pick Your 
Security Officer's Brain” in our 
Jan. 1IT Agenda supplement 
incorrectly stated that Network 
Flight Recorder is a firewall. It's 
an intrusion-detection system. 


An article on Page 1 of our 

Feb. 5 issue contained a mis- 
spelling of an application de- 
veloped by Dresdner Kleinwort 
Wasserstein. The correct spell- 
ing is Openadaptor, and the 
site where it’s available is 
www.openadaptor.org. 
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7 Travel Network Unifies 


Railway, Airline Data 


Overcomes format challenges to provide 
single view of fares, schedules for agents 


BY MICHAEL MEEHAN 
MADEUS GLOBAI 
Travel Distribu- 
tion SA last week 
became the first 
to offer a com- 
puterized reservations system 
that lists train schedules along- 
side data, a 
previously complicated by the 
balkanized data formats that 
different railways have imple- 


airline process 


mented. 

Madrid-based Amadeus said 
the change should make it easi- 
er for railways to compete with 
airlines for travel bookings, es- 
pecially for high-speed trains 
that can make trips in less than 
three hours. Such trains have be- 
come commonplace in Europe. 

U.K.-based BritRail has al- 
ready signed up to make its 
train schedules and ticket avail- 
ability information available to 
travel agents in the U.S., Canada 
and other countries. Amadeus 
officials said they expect to add 
the Norwegian and Swedish 
railways in the near future. 

Amtrak, the Washington- 
based U.S. railway, is also talk- 
ing with Amadeus about using 
the technology. 


Extending Their Reach 


But putting those capabili- 
ties in place isn’t a simple mat- 
ter. Tim Wesley, rail products 
manager at Amadeus, said rail- 
ways haven't followed in the 
tracks of airlines, which long 
ago realized the benefits of 
creating centralized reserva- 
with uniform 
methods of storing passenger 
names and other data. 

“We're having to shoehorn 
some of the rail functionality 
into an airline environment to 
make this work,” Wesley said. 


tions systems 


Amtrak is working to up- | 


grade its internal systems with 
XML support and other tech- 
nology that will let the rail- 
way’s schedule and fare infor- 
mation be viewable by the 
nearly 50,000 travel agencies 
that use the Amadeus system, 
said Alan Orchison, director of 


| 
| 


industry alliances at Amtrak. 

“We're looking to widen the 
reach many 
[ticket] distribution channels,” 
he said. 

Much of the BritRail work is 
being done by Access Rail Inc. 
The Montreal-based company 
takes railway information and 


we have across 


uses city codes assigned by the 
International Air Transport 
Association to convert the data 
into listings that Amadeus and 
its competitors in the reserva- 
tions business can handle. 


Hotel Networ 


Denis Grenier, vice presi- 
dent of business development 
at Access Rail, said railways 
should be able to reach more 
travelers by hitching up with 
airline-created reservations sys- 
tems like Amadeus. 

“The driving force is the rail- 
realizing they cannot 
cater to the demand _ that 
from travel agents if 
they continue to use only their 
proprietary systems,” he said. 


ways 


comes 


Access Rail has also signed a 
deal to provide rail information 
to Amadeus rival Sabre Hold- 
ings Corp., though Fort Worth, 
Texas-based Sabre has yet to 
announce combined | air/rail 
listings. Grenier said he hopes 


Moves to 


XML, Will Log Off ASCIE 


Would miss Web 
opportunities 
without switch 


BY MICHAEL MEEHAN 
Hotel distribution network Pe- 
gasus Solutions Inc. is nearing 
completion of an XML-based 
network designed to replace 
the technology that has formed 
the core of its business: ASCII. 
The Dallas-based company 
currently provides links to 
more than 38,000 hotels using 
an ll-year-old system. 


The benefits of the XML- 


based network include easier | 


connections for hotels and 


travel agencies, the removal of 


a significant barrier for Web 
sites that wish to join the net- 
work, and the ability to provide 
much richer data about indi- 
vidual hotel properties, 
cording to the company. 
Steve Reynolds, Pegasus’ se- 
nior vice president for IT, said 
the company’s ASCII format 


ac- 


created a lot of busywork for | 


his department. 

“Every time we interfaced 
with a new third-party distrib- 
ution, they had to go write code 


to match the format,” he said. 
In many cases, travel distrib- 


ution channels spent months | 


building connections to Pega- 
sus’ hub. Using an XML stan- 
dard, such connections require 
little or no coding and can 
be completed with- 
in days. 

According to Rey- 
part of the 
impetus for the 
switch is the influx 
of Web that 
sell travel products. 
All of them need 
hotel content, and 
Pegasus stands to 
miss out on a lucra- 
tive and growing 
market if it doesn’t 
reduce its barriers to entry. 


nolds, 


sites 


“This is the prevailing tech- | 


nology,” Reynolds said. “So 
that’s where we aim to be.” 


Orbitz LLC, a Chicago-based | 


airline-owned travel Web site 


due to launch in June, will be | 


using Pegasus for hotel reser- 


vations. Roger Liew, Orbitz’s | 
director of software engineer- 


ing, said XML will be a wel- 
come addition. 

Liew said Orbitz must tinker 
with its internal applications 
whenever Pegasus adds attrib- 


REYNOLDS: XML 
“is the prevailing 
technology. So that’s 
where we aim to be.” 


to have similar agreements in 
place by this fall with World- 
span LP in Atlanta and Galileo 
International Inc. in Rosemont, 
Ill., which operate two other big 
reservations systems. 

For Amadeus and its rivals, 
meanwhile, increasing the rail- 
way listings they carry is seen 
as one way to make their sys- 
tems more appealing as more 
travel 
agencies to book trips directly. 


travelers use online 

The centralized reservations 
systems “are opening up their 
eyes to things they 
would have before,” said Krista 
Pappas, an analyst at Waltham, 
Mass.-based Gomez Advisors 
Inc. D 


never 


utes in its current format. 

“Accessing it through XML 
should make it easier for us to 
use new content as they give it 
to us,” he said. 

Orbitz’s rival travel Web site, 
Expedia Inc. in Bellevue, Wash., 
also praised Pegasus for its 
XML conversion. 

“In general, the hotel indus- 
try is ripe for standardization,” 
said Bob Hohman, Expedia’s 
business unit manager for 
lodging. He added that hotels 
long 
from having a lot of 
information to give 
while lacking the 
tools to present that 
information. 

Andrew Hastings, 
a hotel analyst at 
Gomez Advisors Inc. 
in Waltham, Mass., 
said the hotel indus- 
try by nature, 
spread out geograph- 
ically and technologi- 
cally. He said he believes XML 
“is becoming the default stan- 
dard of the industry that’s go- 
ing to allow [hotels] to become 
much more nimble and reach 
much wider audiences.” 

He praised Pegasus for tak- 
ing the initiative to convert its 
core technology, adding that 
XML will soon be a “must- 
have” for distribution net- 
works like Pegasus’. 

Reynolds said he expects the 
XML system to enter the beta- 
testing phase before June. D 


have suffered 


is, 
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Budding B2B Standard Faces Big Problems 


Spec for sharing consumer data has no users, faces FTC review 


BY PATRICK THIBODEAU 

A data standard created to act 
as a high-tech lubricant for the 
exchange of customer informa- 
tion is facing problems, includ 
ing a just-announced review by 
the Federal Trade Commission 
(FTC) and, perhaps more im- 
portant, a lack of big end-user 
acceptance so far. 

The Customer Profile Ex- 
change standard, or CPEx- 
change, offers companies a 
way around numerous data 
types and the custom-designed 
interfaces needed to translate 
them. If the standard doesn’t 
take off, the process may not 
improve, proponents say. 

“At this point, we do data ex- 
changes that 
Everybody speaks a different 


are disastrous. 


Identity Thefts Skyrocket, but 


language, everybody has ways 
of pushing information — from 
text files to XML. It is very, 
very nasty,” said Henri Asseily, 
chief technology officer at Los 
Angeles-based BizRate.com, a 
that provides cus- 
ratings of 


company 
tomer-generated 
e-commerce sites and one of 
70 companies that is a member 
of CPExchange network. 


No Takers Yet 

The first version of CPEx- 
change was published in Octo- 
ber, but so far, no company has 
adopted it. Most of its backers 
are vendors, with IBM being 
the largest. Only a few major 
end-user companies were in- 
volved in the standard’s devel- 
opment, and two of those com- 


FTC says it will remain a watchdog; 


Davos hack incident shows threat is real | 


BY DAN VERTON 
The number of identity thefts 
in the U.S. has skyrocketed 
during the past 15 months, but 
contrary to public perception, 
very few of those crimes are 
happening online, the Federal 
Trade Commission (FTC) told 
a presidential advisory council 
last week. 

“Identity theft is expanding 
and increasing every day,” said 
Jodie Bernstein, director of the 
FTC’s Bureau of Consumer 
Protection, during the first 
meeting of the President’s In- 
formation Technology Adviso- 
ry Committee. She said 2,000 
calls per week poured into the 
FTC identity theft hotline last 
month alone. But less than 1% 
of all reported cases to date 
can be linked to the Internet, 
she said. The two most com- 
mon causes are lost wallets or 
purses, and mail theft. 

“We don’t see as many Inter- 
net solicitations, but we are 
watching that,” said Joanna 
Crane, program manager for 
the FTC’s identity theft pro- 
gram. She added, however, that 
there is evidence that Internet- 
related thefts, particularly 





e-mail schemes, are increasing. 

When asked by a council 
member if the FTC thinks 
Internet-related cases of iden- 
tity theft are an unreported 


| problem, Bernstein said it’s 
possible but not likely. 


“Our estimate would be very 


| low — maybe 20%,” she said. 


Hacker Incidents Probed 
Council member Larry Smarr, 
strategic adviser at the Univer- 


panies have apparently dis- 
from this 
Corp. in 


tanced themselves 
effort: First Union 
Charlotte, N.C., 
Schwab & Co. in San Francisco. 
Both companies say they have 
no plans to implement the 
standard. 

Asseily said he believes the 
standard can solve the data ex- 
change problems, but the 127- 
page specification is “so com- 
plicated that it’s very, very diffi- 
cult 
heads or tails of it.” 


for companies to make 


He said he doesn’t know if 


the standard will win adoption. 
“Things that fly are simple 
thing: 

Winning end-user support 
for a new standard can be diffi- 
cult in any case. But how will 


Asseily noted. 


and Charles 





The Face of 
Identity Theft 


VICTIM PROFILE 
@ Average age: 42 





® Most often lives ina 
large population center in 
states such as California, 
New York, Nevada, Ari- 
zona or Florida 


® 88% have no relationship 
with the thief 


®@ Typically doesn’t notice 


|. the crime for an average of 
|; 14months 








sity of California’s School of | 


Engineering in San Diego, sug- 


| gested that the FTC consider a 
| hacker incident that happened 
| just last week as an example of 
| the growing threat of identity 
| theft online. 


Personal information and 


| credit card numbers belonging | 
| to high-profile political and 
| business leaders who attended 


the World Economic Forum 
(WEF) in Davos, Switzerland, 
were stolen off a WEF server. 
Microsoft Corp. Chairman Bill 
Gates and former president 


Bill Clinton were among the | 


possible victims. 

Jronically, that break-in made 
potential victims out of many 
of the business leaders who for 


years have defended self-regu- 
lation of industry privacy con- 
trols. Many, including Gates, 
| Dell Computer Corp. Chair- 
man Michael Dell and others, 
have urged the government 
not to intervene by implement- 
ing more regulations regarding 
privacy and protection of per- 
| sonal information online. 


Steven Kobrin, a professor of | 


multinational management at 

The Wharton School at the 
| University of Pennsylvania in 
Philadelphia, has attended the 
last seven WEF summits and 
was among the victims of the 
latest hacker incident. 

According to Kobrin, many 


Less Than 1% 


| based America 


this standard fare if it’s put un- 
der the spotlight of the FTC 
and Congress? 

The FTC will hold a work- 
shop March 13, prompted in 
part by a letter from Sen 
Richard C. Shelby (R-Ala.) 
Shelby claims that the technol 
ogy gives companies a “vastly 
improved ability to share and 
exploit personal information 
in pursuit of profit.” 


Protecting Private Data 

That very public attention 
on the standard could be keep- 
ing end users away. 

“It makes it more difficult [to 
win adoption], no question. On 
the other hand, it also raises 
the issue on people’s radar,” 
said Matthew Doering, CTO at 
QueryObject Systems Corp. in 
Roslyn Heights, N-Y., a devel- 
oper of business intelligence 
software and a 
CPExchange network. 


Moreover, the marketing of 


the standard has just begun. 


Occur Online 


industry executives have been 
outspoken opponents of regu- 
lation during past WEF sum- 
mits and don’t think there’s a 
problem. 

“This year, we had a panel on 
privacy, and people from in- 
dustry said there wasn’t a prob- 
lem,” said Kobrin. “Regulation 
tends to be a dirty word.” 

That’s partly 
could affect companies’ bot- 
tom lines [News, Feb. 5]. Regu- 
lation would mean that com- 
panies would have to invest 


because it 


more in storage technology to 
store information for long pe- 
riods of time and security 
technology to prevent unau- 
thorized access. 

“We are not in the data stor- 
age business,” said John Ryan, 
vice president and associate 
general counsel for Dulles, Va.- 
Online Inc. 
“We maintain records for a 90- 


| day period. That’s longer than 
| most companies.” 


Ryan said the theft from the 


| WEF server is a good example 


of the growing threat of online- 
related identity theft, but tech- 
nically, it’s not a criminal case 


| of identity theft. He said U.S. 


law states that identity theft 


| isn’t a criminal violation unless 
| the stolen information is used 
| to facilitate another crime, and 


that hasn’t happened — yet. D 





member of 


CPExchange 


What it is: A new, XML-based, 
open standard for sharing consumer 
information that allows companies 
to attach a consumer's privacy pref- 
erences. The specifications are at 
www.cpexchange.org. 


What it means for IT: 
As envisioned, it could make data 
interchanges easier. 


What it needs to 
succeed: End user buy-in. 


To succeed, the standard 
will need to be adopted by a 
big end user, said Doug Laney, 
vice president of application 
Meta 


Group Inc. in Stamford, Conn 


delivery strategies at 
He’s cautiously optimistic that 
that will happen. 

“I know that standards de- 
fined by committee that aren't 
developed at a grassroots level 
typically don’t fly without some 
heavy, heavy marketing or visi- 
ble support from a large orga- 
nization,” said Laney. 


Lack of Marketing 


But obvious potential early 
adopters — the members of the 
CPExchange — have clearly 
stepped back. A spokesman for 
Charles Schwab said it was just 
a “fluke” that the firm was listed 
member of the CPEx- 
change; the company had 
joined to pick up some XMI 
tips. A First Union spokes- 
woman downplayed her firm’s 
involvement. A third major end 
user listed the network, 
BarnesandNoble.com Inc., did- 
n't respond by press time. 

A major selling point for 
proponents of the CPExchange 
is the standard’s ability to in- 
corporate an individual’s pri- 
vacy preferences. For instance, 
a company that needs to trans- 
mit consumer data to a suppli- 
er could attach privacy restric- 
tions that set limits on the use 
of the data, such as third-party 
sharing. 

“The main purpose of the 
standard is to provide a safe 
way to ethically pass consumer 
profile information 
companies,” said Doering. 

But privacy advocates worry 
that companies can “just ig- 
nore” the permission features of 
the standard “and use the vastly 
greater facility for exchanging 
personal information,” said Ja- 
son Catlett, president of Junk- 
busters Corp., a privacy advoca- 
cy firm in Green Brook, N_J.D 


as a 


on 


between 





NEWS 


Suppliers Rush to Simplify 
Supply-Chain Systems 


Companies consolidate disparate platforms 
to keep up with e-commerce orders 


BY MICHAEL MEEHAN 
S THE RANKS of 
e-commerce- 
enabled 
grow daily, 
pliers 

finding themselves scurrying 

automate 


buyers 
sup- 
are now 
to streamline and 
their supply chains. 

One such supplier, Hitachi 
America Ltd., decided it could 
no juggle 
data interchange, 
and XMI 
platforms to meet the 
its buyers. 

“We're basically a 
said John Gibb, director 


electronic 
RosettaNet 


orders on 


longer 


separate 
needs of 


sales 
force,” 
of business services at the Bris- 
bane, Calif.-based firm’s semi- 
“We have 
to respond to the customers’ 
requests in this 
There's no saying no.” 

Framingham, Mass.-based 
Staples Inc. also found itself 
dealing with a growing num- 
ber of buyers who preferred 
to use the latest procurement 
applications. 

The supplier’s IT 
organization found 
“formatting for each customer 
who wanted a buyer-hosted 
catalog,” said Anne-Marie 
Keane, vice president for busi- 


conductor division. 


business. 


office 
itself 


ness-to-business e-commerce 
at Staples. “Over time, that’s 
just not a scalable solution.” 


Keeping It Simple 
For both companies, the an- 
swer consolidation and 
simplification. 
Hitachi boiled 
three business-to-business plat- 
forms into a single environ- 
ment. Gibb estimated that the 
yearlong effort will save 
company more than $10,000 
per month. Hitachi also tapped 
Contivo Inc. in Mountain View, 
Calif., to help it map document 
files with new customers. 
“Every new 


was 


down its 


sale 


up our resources,” Gibb said. 
“It can get tedious, but it’s got 
to be done.” 


For its part, Staples pur- 


his | 


| Commerce 
requires | 
more mapping, and it just eats | 


chased business-to-business 
content-management soft- 
ware from Trigo Technologies 
Brisbane, Calif., to 
replace its homegrown user 
interfaces. 

“It’s a natural evolution for 
is,” Keane said. “We’ve been 
working toward this [for] the 
past 18 months, were 
looking for vendors who had 
products that would allow us 


Inc. in 


and we 


to push more content out to a 
larger number of customers.” 


and Hitachi aren't 
These types of supply 
side constraints are to be 
pected in an industry as imma- 
ture as the 
ness e-commerce 
cording to Karen Peterson, an 
analyst at Stamford, 


Staples 
alone. 
ex- 


business-to-busi- 


space, ac- 


Conn.- 


; based Gartner Group Inc. 


“It’s no surprise they've got 
problems,” she said. “It’s just 


| that the products out there to 
| date have lacked the function- 


ality to solve the problems.” 
But that’s expected to 
change soon. Mo Treadway, an 
e-business partner at Price- 
waterhouseCoopers in New 
York, estimated that supplier- 


based 
e-commerce software 
the key 
community 
six months. 


will be 


during the next 


| Lack of Standardization 


“The lack of standardization 
in the supplier products has 
been holding back the liquidity 
of the market,” Treadway said, 


noting that the growth area for | 


software vendors lies between 
the business-to-business trans- 
actions and the suppliers’ 
enterprise resource planning 
systems. 

Gibb said he agrees. “We all 
want one well we can dip into 


Weak Link: Small Suppliers Loath to Spend 


On Business Partner Connectivity 


Seminar: Bigger firms 
should help fill gap 


BY MARC L. SONGINI 

NEW YORK 

Most executives acknowledge 
that it makes business sense to 


| ery 


fully connect and automate their | 


organizations’ supply chains. 

It’s getting there that’s the 
hard part. 

“In an ideal world, I buy into 
it,” said Ted Jackson, CIO at 
Sport Chalet Inc., a Los Ange- 
les-based retailer that 
sporting goods online and at 23 
stores in Southern California. 
“In practice, it gets difficult.” 

Jackson was one of several 


sells | 


IT executives attending an ed- | 


ucational seminar last 
who sounded off on the chal- 
lenge of working with small to 
midsize suppliers that haven't 


quite grasped the need to auto- | 


mate their supply-chain activi- 
The event was sponsored 
Paul, 


ties. 
by St. 
Inc., a 
chain connectivity 
owe 

The need to create a fully 


supply- 


services 


come more important than 


week | 


ever, observers said. Patricia 
Seybold, president of Patricia 
Seybold Group in Boston, told 
conference attendees that cus- 
tomers doing business via the 
Web want to be able 
things such as check the deliv- 
status of products they 
have ordered online. 

Supply chains, she said, are 
“beginning to collapse around 
the customer.” 

Automated supply chains 
can also shore up the bottom 


to do 


essary IT systems, training and 
business process changes that 
needed to fully connect 
with their core business part- 
ners, said Larry Smeltzer, a 
professor of supply-chain 
management at Arizona State 
University in Tempe. 

“We don’t have large-to- 
small-company _—_ connectivity 
taking place,” Smeltzer said. 
With so many small companies 
reluctant to spend money to im- 
plement electronic data inter- 


are 


line. Advanced electronic or- | change (EDI) or Web-based 


dering systems can 
slash inventory and 
operating costs and 
improve a company’s 
earnings by 8% to 
12% annually, accord- 
ing to a Seybold 
report based on sev- 


| en companies using 


Minn.-based SPS | 
| efficiencies 


SPS’s services. 

This kind of end-to- 
end connectivity can 
increase inventory 
turns and slash sup- 
ply-chain costs by 
turns, Seybold 
claimed. 


The problem is, a supply 


chain is only as strong as its 


| connected supply chain with | 
| end-to-end visibility has be- 


weakest link, and small suppli- 
ers have demonstrated little 
interest in investing in the nec- 


JACKSON: Data 
formats make 
e-business harder 
for smaller firms. 


improving | 


transaction links, he 
added, it’s important 
for larger business 
partners to do what 
they can to share re- 
sources and simplify 
the connection pro- 
cess. 

Moreover, noted 
Jackson, when a 
behemoth like The 
Boeing Co. in Seattle 
or Dearborn, Mich.- 
based Ford Motor 
Co. signs on a supplier, the 
supplier is married to the larg- 
er company’s data formatting 
methods, making it harder for 
the smaller supplier to connect 
with other companies. 

And divisions of large com- 


| panies can also face financial 


business-to-business 


focus in the vendor | 
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New Layer of 
Complexity 


Hitachi America used some 
of these steps to rebuild its 
B2B supply-chain systems: 


® Combined three separate 
platforms — EDI, RosettaNet 
and XML protocols — into 
one. 


= Built links between its 

B2B network and company 
enterprise resource plan- 
ning system. 

® Established uniform e-com- 
merce trading guidelines for 
all Hitachi divisions. 


to get information,” he said. 
“We know we can’t dictate 
terms like our customers [can], 
so we're looking for solutions 
to encompass everything.” D 


constraints. “We’re a small to 
medium-size enterprise, even 
though we’re owned by Via- 


| com, a billion-dollar company,” 


said Charles Eigen, director of 


| order processing at Simon & 


Schuster Inc. in Riverside, N.J. 
Large companies face things 

such as fixed budget and sys- 

tems limitations and different 


| priorities, and that limits the 


connectivity projects they can 
engage in. 


Translation Required 

Installing an EDI system at a 
small company requires a 
translator to convert data be- 
tween different systems, said 
Gary Maxey, an information 
systems manager at West Ma- 
rine Inc., a Watsonville Calif.- 
based boating supply retailer. 
That can make it “hell” to try to 
link in mom-and-pop suppliers 
so their data can be viewed by 
customers, he added. 

In addition, some buyers and 
sellers may decide it’s not 
worth it for them to get con- 
nected electronically, despite 


| the low cost of entry via the 


Web. For instance, when Cen- 
dant Membership Services, a 
Trumbull, Conn.-based buying 
club, went live with SPS’s ser- 
vices last September, the sup- 


| pliers list dropped by 100. “We 


mutually agreed that it [the 
SPS connection project] was 
not worth the effort due to the 
low volume [of transactions],” 
said Evan Guttman, director of 
logistics. D 











Trend Micro 


ScanMail for Lotus Notes 










Simple addition 
stops viruses from 
multiplying. 


How do you protect your Lotus Notes 
environment against viruses, when you've 
got so many different platforms to cover? 
Simple. ScanMail® for Lotus Notes. 


ScanMail makes life very difficult for viruses, 





blocking them at the server level before 
they can spread. 


ScanMail makes life Premium 


MES Partner 


easy for administrators, 
allowing you to manage 
your heterogeneous Notes environment 
through a single convenient console. 
ScanMail for Lotus Notes supports more 
platforms than any other Notes anti-virus 
solution: NT, Solaris, AIX, AS/400, and S/390. 


Pema TF gpa 


You can integrate ScanMail with other Trend 
Micro products to provide a single-console 
content security solution for your entire 
enterprise. What could be simpler? 


See why more groupware administrators trust 
ScanMail than any other anti-virus product. 
Get a free evaluation CD—and a free copy of 
our white paper, “Safe Computing Practices’— 
at www.trendmicro.com/35 (or call 
1-800-228-5651). 
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= 
IM Group Working 
On Interoperability 


In the absence of a standard proto- 
col for instant messaging (IM), a 
coalition of service providers last 
week said it's in the final stages of 
testing interoperability specifica- 
tions that would allow users of the 
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Congress to Weigh 
Web Defense Plan 


Texas Republican plans to introduce bill 
that would reshape national cyberdefense 


| BY DAN VERTON 


various IM services to chat with one | 


another. IMUnified published the 
specifications in August and has 
been testing them since then, said 
Estela Mendoza, spokeswoman for 
the group of IM providers. Members 
of IMUnified include AT&T Corp., 
Excite@Home, Microsoft Corp.'s 
MSN Network, Odigo Inc., 
Phone.com Inc., Prodigy Services 
Corp. and Yahoo Inc. 





First Union Denies 
Reports of Major Cuts 


Charlotte, N.C.-based First Union 
Corp. last week denied published 
reports that it plans to significantly 
reduce its IT spending and staff. A 
spokeswoman did confirm that the 
bank has reduced staff in some 
areas, but she said the majority of 
those workers will be able to find 
other jobs within the bank. 

One targeted area is the CIO divi- 
sion, which helps the bank's busi- 
ness divisions with technology 
strategy planning. The infrastruc- 
ture and architecture group, which 
is responsible for activities that in- 
clude tech support, may see some 
additional job cuts by the end of the 
first quarter of this year. “But they 
won't be significant,” the spokes- 
woman said. 


Patient Safety 
Initiative Announced 


The Center for Healthcare Informa- 
tion Management (CHIM), a non- 
profit trade association composed 
of health care vendors and consul- 
tants, announced a patient safety 
initiative at last week’s Healthcare 
Information and Management Sys- 
tems Society conference. Ann Ar- 
bor, Mich.-based CHIM said it will 
begin research by the second quar- 
ter of this year to see how technolo- 
gy can reduce medical errors. CHIM 
will have an independent advisory 
board that will verify any systems- 
performance information that is 
submitted to it. 





| cyberdefenses is gaining sup- | 


REPORT that pro- 
poses sweeping 
changes in the 
way the govern- 
ment organizes its 


port on Capitol Hill. Lawmak- 


ers are preparing to introduce 


legislation this week based on 
the recommendations in the 


| report, which was issued last 
| month by the U.S. Commission 
| on National Security. 


Rep. Mac Thornberry (R- 


| Texas), a member of the House 
| Armed Services 


Committee, 


é ; : 
| plans to introduce a bill this 
| week that would create the Na- 


| tional 


Homeland _ Security 


| Agency (NHSA). 


If approved, the NHSA will 


use the Federal Emergency 


| Management Agency (FEMA) 
| as a building block and will 


possibly replace FEMA in the 


| 
long run. 


| ernment and private-sector ef- 
| forts to protect the nation’s | 
| critical 


NHSA would oversee gov- 


infrastructure from 


| both cyber and physical at- 


ISC Plans to Launch Fee-Based Security Alert Service 


| 
| 
| 
| 
| 
| 
| 
| 





tacks, as called for by the com- 
mission’s report. 

The goal is to create a virtual 
tripwire that can alert the na- 
tional security community to 
significant cyberthreats with- 
out violating the privacy of 
US. citizens or compromising 
the proprietary data of private 
firms, which own and operate 
the bulk of the nation’s critical 
infrastructure. 


Not Everyone's Optimistic 
However, sources close to 
the commission, headed by 
former Sens. Gary Hart and 
Warren B. Rudman, said they 
aren’t optimistic that the re- 
port’s recommendations will 
be turned into action anytime 
soon. They blame an arthritic 


federal bureaucracy burdened | 


by Cold War-era policies, in- 
teragency funding 
and a Bush administration that 
is still trying to figure out what 
its priorities will be. 

“I'm not optimistic at all,” 


rivalries 


said a government source close | 
to the commission. It’s unfor- | 
said, be- | 


tunate, the source 


| cause the commission is offer- 


ing “a neutral model that is not 
pro-industry and is not pro- 
law-enforcement.” 

The bill would also roll up a 
half-dozen agencies currently 
involved in cyberdefense into 
the new structure (see box). 

Harris Miller, president of 
the Information Technology 
Association of America, an Ar- 
lington, Va.-based trade group 





| 
| 
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Still, not everyone is thrilled 
with the idea. 

“T think the commission may 
have done a disservice to infra- 
structure protection by tying it 
to the unachievable goal of cre- 
ating a new agency,” said 
Steven Aftergood, an analyst at 
the Federation of American 
Scientists in Washington. “In 
the absence of an actual crisis, 
the existing national security 
bureaucracy is unlikely to per- 
mit the establishment of a ma- 
jor new competitor for author- 
ity and funds,” he added. 

But Thornberry is commit- 
ted to ensuring that the three- 
year study by the bipartisan 








Defending the 


The proposed National Homeland Security Agency would: 
® Use the Federal Emergency Management Agency as a building block. 
@ Include these agencies and activities: The FBI's Office of Critical Infor- 
mation Technology, the National Infrastructure Protection Center, the Criti- 


cal Infrastructure Assurance Office, private-sector information sharing and 
analysis centers, the Coast Guard, the Border Patrol and the National Guard. 


= Coordinate critical infrastructure protection and cybersecurity 
through a National Crisis Action Center and a CIP directorate. 








comprised of thousands of pri- 
vate firms, said streamlining 
the critical infrastructure pro- 
tection effort in this way would 


| be a welcome development. 


The current structure “is very 
confusing, with many points of 
entry. Having a primary source 
of contact with industry would 
make it a lot easier,” he said. 








The Internet Software Consortium (ISC), which de- 
velops the server software most commonly used to 
direct traffic on the Web, is moving to create a fee- 
based information-sharing club that officials at the or- 
ganization said will give software vendors and other 
companies early warnings about security holes af- 


fecting the ISC’s products. 


The disclosure of the plans for the information ex- 
change came just one week after security analysts at 
the CERT Coordination Center at Carnegie Mellon 
University in Pittsburgh and Santa Clara, Calif.-based 
Network Associates Inc.'s PGP Security subsidiary is- 
sued simultaneous warnings about significant securi- 
ty vulnerabilities in multiple versions of ISC’s widely 
used Berkeley Internet Name Domain (BIND) server 
(see “Hack of the Month,” page 50). 

Paul Vixie, chairman of the Redwood City, Calif.- 
based ISC, said that the new fee-based exchange is 
aimed at opening more direct communication chan- 
nels with software vendors, Internet service providers 
and other companies when holes are found in BIND 
and the other software developed by the ISC. 

“ISC found that speaking to vendors through the 
CERT advisory process was somewhat awkward and 
made for extra work on both sides,” Vixie said. 


nology users. 


direction. 





“The government's policy so far has been that we 
want industry to better organize itself to better share 
information,” Tritak said. For now, “it’s more impor- 
tant than anything else for [the technology] industry 
to take ownership of this issue,” he said. 

Amit Yoran, CEO of Riptech Inc., a network securi- 
ty monitoring firm in Alexandria, Va., said that al- 
though it's imperative that information be shared, 
he’s “not convinced that doing it in a fee-for-service 
approach is the best way to do that.” 


However, the ISC’s plans to set up an exclusive 
information-sharing service have sparked a heated 
debate among some security analysts and tech- 


“What kind of an edge do they really think they'll 
be providing to IT staffs and security administrators?” 
asked Keith Morgan, a network security specialist at 
Terradon Communications Group LLC in Nitro, W.Va. 
“And why would anyone pay for it? | think this is a 
pretty poor precedent.” 

John Tritak, the director of the U.S. Department 
of Commerce's Critical Infrastructure Assurance Of- 
fice, called the consortium’s plan a step in the right 


- Dan Verton 











commission — the first such 
comprehensive review of na- 
tional security structures since 
1947 — doesn’t go ignored, said 
Kim Kotlar, a member of the 
Texas Republican’s staff. 

“You have to do more with 
this report than stick it on a 
shelf,” she said. 

The proposed critical infra- 
structure protection (CIP) di- 
rectorate within the new 
agency would be responsible 
for overseeing critical net- 
works and coordinating gov- 
ernment and private-sector ef- 
forts to address the nation’s 
vulnerability to electronic or 
physical attacks. That effort is 
now done through a maze of 
federal agencies and private 
partnerships. 

Kotlar said Thornberry and 
others are prepared for an on- 
slaught of criticism similar to 
Aftergood’s. She added that the 
plan is not to build additional 
agencies but to streamline 
what is already in place. 

However, with Congress 
evenly split by party lines and 
a profound lack of consensus 
about a security policy, any at- 
tempt at a sweeping reorgani- 
zation right now seems 
doomed, said Aftergood. “In- 
frastructure protection will 
have to proceed on its own 
track,” he said. D 





T:Wom 


Fred didn’t spend enough time planning the operation of his Web site. 


Now his site is down, and he's breathing bisque. 


Here’s some free advice: call Nuclio before you go live. 


Since 1995, we've successfully managed complex heterogeneous 
systems and mission-critical applications for some of the world’s lead- 
ing companies. 

Why have we been successful? Because we take the time to understand 
our customer's business. We develop custom deployment and manage- 
ment plans built to their unique requirements before production begins. 


Nuclio also manages and monitors the health of the customer's appli- 
cation solution day and night through Fusion,” our proprietary automated 
monitoring system. And we've gathered the best application and infra- 
structure professionals in the business. 


In short, Nuclio’s clients are always ready. Are you? 


lf you are planning an e-initiative or are in doubt about the readiness of 
your current IT environment, then please give us a call at 877.665.0597 
or find out more at www2.nuclio.com. 


nuclio 


Be ready.” 
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Oracle Revs Up App 





Server for Marketplace 


Aims enhancements at eliminating 
middleware integration, better support | 


BY DAN VERTON 
RACLE Corp. last 
week announced 
the latest version 
of its Oracle9i 
Application Serv- 

er, which the company claims 

eliminates the need for costly 
middleware integration and in- 
cludes enhancements for busi- 
ness intelligence and wireless 
support. 
Among the 
are a Lightweight Directory 

Access Protocol directory, a 

messaging server, unified mes- 

saging architecture and an em- 
bedded workflow engine, said 


John Magee, senior director of | 


Oracle9i marketing. 


Oracle has also added work- | 
flow and visual design tools | 
| BY TODD WEISS 


and out-of-the-box adapters 
for common application-to- 
application integration. 

The company claims that 


eliminating the need to inte- | 
grate third-party applications | 


gives the product a leg up on 


enhancements 





| other Java-based application 


server products, such as San 
Jose-based BEA System Inc.’s 
WebLogic and IBM’s Web- 
Sphere. 

“As companies are moving to 
make Internet computing part 
of their mainstream IT infra- 
structure, they’re having to put 
all of these pieces together 
from different vendors,” said 





Magee. “That’s becoming more | 
and more of a cost issue for | 


these companies. So the goal 
was to provide a product above 
and beyond the core Java appli- 
cation server.” 

Downloads of Oracle9iAS 
from the company’s developer 
community Web site reached 
370,000 in December, Magee 
said. Oracle has registered 
more than a million downloads 
for its Internet Application 
Server since it was introduced. 

“Anything that makes it easi- 
er for the developer to inter- 








face with the database will be 
welcome,” said Rich Niemiec, 
president of the International 
Oracle Users Group — Ameri- 
cas, a Chicago-based organiza- 
tion for Oracle’s database 
users. “Improvements con- 
cerning e-mail and wireless are 
what developers [and] part- 
ners are asking for most right 
now, and they want easy inter- 
faces to the database.” 
Although several of the an- 
nounced enhancements can be 
classified as elements of an In- 
ternet application platform, 
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some appear to be Oracle's at- 
tempt to redefine the standard 
for Internet Application Server, 
said Mike Gilpin, an analyst at 
Giga Information Group Inc. in 
Cambridge, Mass. 

“Clients are increasingly 
looking to get more of these 
product components from one 
vendor, and Oracle needs to 
have such a complement of 
products to compete across 
the whole platform,” said 
Gilpin. But, he added, users 
have shown that they are quite 
happy to get their database 
management system from a 
different vendor than other el- 
ements of the platform. 

Oracle9i Application Server 
costs $5 per Universal Power 
Unit (UPU) for the standard 
edition, $30 per UPU for the 
enterprise edition and $150 per 
UPU for the wireless edition. D 





Microsoft to Expand Access to Source Code 


Code can be viewed 
but not modified 


Microsoft Corp. is preparing to 
announce a limited expansion 
of its Windows source-code 
sharing program that could 
pave the way for “potentially 


hundreds” of new customers, | 


Decimalization Finds Its 


First Victims at Ameritrade 


BY MARIA TROMBLY 

The first decimalization-relat- 
ed problem of the year has hit 
Ameritrade Holding Corp. cus- 
tomers trying to buy and sell 
bulletin board-traded stocks. 

Standard & Poor’s, a division 
of New York-based The Mc- 
Graw-Hill Cos., on Feb. 5 in- 
cluded incorrect data in its 
ComStock data feed, which 
provides Ameritrade with the 
quotes for these stocks. 

The glitch stemmed from a 
miscommunication with Nas- 
dag Stock Market Inc. in Wash- 
ington, which is in the process 
of converting from using frac- 
tions to decimals in its stock 
quotes. 

The problem was that Nas- 


| president 





| daq began using new message 


types that weren’t interpreted 
properly, resulting in garbled 
data, said David Brukman, vice 
for technology at 
Harrison, N-Y.-based Standard 
& Poor’s ComStock Inc. 

“It was a fairly complex 
change, and a couple of mes- 
sage formats were subject to 
interpretation,” he said. “We 
and a couple of other data ven- 
dors interpreted it differently 
from what Nasdaq intended.” 

Ameritrade discovered the 
problem on the morning of 
Feb. 5 and corrected it by 
6 o'clock that evening, said Phil 
Nunes, a spokesman for the 
Omaha-based company. 

“The people who went to the 








including some corporate 
users, to gain access to the 
code, a company official said. 
Doug Miller, a group prod- 
uct manager for Microsoft’s 
server-level software packages, 
said at the recent LinuxWorld 
Conference & Expo in New 
York that the plan will be de- 
tailed in the next few weeks. 


But, Miller added, the im- | 
pending expansion of the shar- ! 





ing program doesn’t mean 
Microsoft intends to break into 
the world of open-source soft- 
ware collaboration. Under the 
company’s program, the code 
can be viewed but not modi- 
fied in any way. “The intention 
is not to allow the chaos you 
have in the open-source world, 
where people create code that 
may be incompatible,” he said. 

Those who have taken ad- 





Web site to trade were asked to 
call an 800 number and con- 


| duct the trade with a broker,” 


he said. However, the affected 
customers weren’t required to 
pay the higher broker-assisted 
trading price. 

Nunes said Ameritrade is 
still evaluating how many 
customers were affected and 
how much the glitch cost the 
company. 

Ameritrade wasn’t the only 
broker affected. According to 
Wayne Lee, a spokesman for 
Nasdaq, approximately 10% of 
the recipients of that data feed 
had problems interpreting the 
decimal-based messages. Recip- 
ients included London-based 
Reuters Group PLC and Rose- 
land, NJ.-based Automatic Data 
Processing Inc. 

Most of the other recipients 
fixed the problem the same 
day or on Feb. 6, Lee said. 

He added that Nasdaq had 
kept its clients fully informed 





that this particular feed was 
switching over to decimals, 
with vendor alerts on its Web 
site, e-mails and telephone 
communications. 

According to Larry Tabb, an 
analyst at Needham, Mass.- 
based TowerGroup, the Com- 
Stock glitch was the first prob- 
lem reported with the decimal- 
ization process. D 





Next Up: Decimals 
s 

- age 

- For Securities 

3 MARCH 2: Pilot of 15 securi- 

2 ties will begin. 


< MARCH 26: Second pilot, of 


approximately 150 securi- 


- ties, will begin. 


9 APRIL 9: Nasdaq equity 
securities will be fully con- 
= verted to decimals. 











vantage of the program in the 
past include hardware, inde- 
pendent software and chip 
vendors, plus an unspecified 
number of corporate users, 
a Microsoft spokesman said. 
“The criteria generally is large, 
good customers of Microsoft,” 
he said, declining to provide 
numbers. 

Like many other vendors, 
Microsoft has been providing 
its source code to some ven- 
dors and users for years, Miller 
and analysts said. Until now, 
though, the practice has been 
done quietly behind the scenes 
and under strict confidential- 
ity agreements, he said. 

By getting access to the 
code, IT troubleshooters can 
work backward to solve prob- 
lems that may arise in soft- 
ware. Some large Windows 
users “feel that if they have ac- 
cess to the source code, they 
can get to the bottom of the 
problem faster,” Miller said. 

Last week at its Windows 
Embedded Developers Con- 
ference in Las Vegas, Micro- 
soft announced that leading 
silicon vendors will be given 
access to Windows CE source 
code so that they can optimize 
the operating system for their 
architectures. Members of the 
Windows Embedded Strategic 
Silicon Alliance include Lu- 
cent Technologies Inc.’s Mi- 
croelectronics Group, Hitachi 
Ltd., Intel Corp., NEC Corp. 
and Toshiba Corp. D 





Reporter Carol Sliwa contrib- 
uted to this story. 
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Microsoft Corp. announced last 
week that it has sold more than 

1 million copies of Windows 2000 
Server since its release last Febru- 
ary. Group product manager Bob 
O'Brien said Windows NT 4.0 took 
17 months to reach that mark. How- 
ever, O’Brien declined to provide 
any breakdown of the type of Win- 
dows 2000 licenses sold - such as 
entry-level Windows 2000 Server, 
Advanced Server or Datacenter 
Server. He also declined to differen- 
tiate the number of licenses that 
went to resellers vs. corporations. 


| into 
| which could lessen the gap in 
the years ahead. 





Feedback Sought 
On Signatures Law 


The Federal Trade Commission and 
the U.S. Department of Commerce 
last week said they plan to hold a 
workshop April 3 on a provision of 
the new digital signatures law that 
requires companies to get consent 
from customers before using elec- 
tronic documents in business deal- 
ings. The agencies said the work- 
shop is aimed at assessing “the 
benefits and burdens of the con- 
sumer consent provision” of the 
Electronic Signatures in Global and 
National Commerce Act. The bill 
was signed into law last spring by 
former president Bill Clinton and 
took effect in October. 


technology 
| the 
| median income for men was 





Short Takes 


BARNESANDNOBLE.COM INC. in 
New York posted a fourth-quarter 
loss and said it will cut 350 full- 
time employees, or 16% of its work- 
force. ... WORLDCOM INC. report- 
ed fourth-quarter earnings of $1 bil- 
lion, down 40% compared with 
$1.6 billion a year earlier. Officials 
declined to comment on reports 
about a reduction in the company’s 
workforce. . . . FREIGHTWISE INC., 
a Fort Worth, Texas-based freight 
transportation online marketplace, 
is shutting down after two months 
in business. . . . VERIZON COMMU- 
NICATIONS in New York last week 
announced plans to build and oper- 
ate its own global network to carry 
data, Internet and voice traffic. One 
day earlier, SPRINT CORP. had out- 
lined a revamped international 
strategy that includes expanding its 
IP network across Europe and Asia. 





~ NEWS 
Wall St. TT Women 


‘Trail Men in Pay 


BY MARIA TROMBLY 


EN STILI 
50% more than 
women among 
Wall Street’s IT 
professionals, a 
new survey revealed last week. 
But more women are breaking 
most upper IT ranks, 


According to a just-complet- 
200 financial 
professionals in 
industry, the 


ed survey of 
securities 


$218,000 — and only $143,000 
for women. The survey was 
conducted by New York-based 
AG Barrington Inc. 

The difference, according to 
survey author and AG Barring- 
ton managing director Alan 
Geller, is work/life balance 
issues that have been keeping 
women out of the highest- 


| paying direct sales jobs. 


Geller, who tracks some 
3,000 people working in the 
securities industry, says that 
women are greatly underrep- 
resented in sales. 

“Based on our research, of 
the 131 individuals who hold 
the title of director of sales or 
worldwide head of sales in 
Wall Street firms, only 12 are 
women,” he said. 

The reason for this, accord- 
ing to Geller, is that these posi- 
tions typically demand a great 
deal of travel and a large time 
commitment. 

“The quality-of-life issues 
were definitely more impor- 
tant to the women than the 
men,” Geller said. 


More Men Seeking Balance 

This situation might be 
changing, however. 

“I’m seeing many more men 
wanting more work/life bal- 
ance,” said Kristine Hanna, co- 
founder and CEO of GirlGeeks 
Inc., a San Francisco-based 
Web site for female IT profes- 
sionals. 

In addition, she said, compa- 
nies are beginning to redefine 


EARN | 





| Survey: Work/life balance challenges 
keep women out of highest-paying jobs 


their job descriptions. 
“The corporations are real 


izing that they need to hire | 
| freshing 
said, only about 10% of her | 


these women,” Hanna said. 


“Women are in such a power- 


ful position right now because | 
the companies need them. It’s | 
about diversity, but it’s also | 
| becomes much narrower and 


about the bottom line.” 


Penelope Powell, vice presi- | 
| dent of regional sales at New 


York-based 
market data 


ILX Systems, a 


firm, said 


that | 
she’s experiencing the work- | 


force changes firsthand. 
Ten years ago, there were 
hardly any women on Wall 


| Street, she said. “I was a trail- 
| blazer then, but I’m not any- 


more,” Powell said. “I’m calling 


| on more and more women in 


Wall Street firms — that’s a re- 
change.” Still, she 
clients are women. 

Putting aside the issue of 


direct sales, the salary gap 


can be attributed, in a large 


| part, to a slight difference in 


years of experience, Geller 


said. The median number of | 


years of experience for the 


Brokerage Joins Movement 
Away From Net Pure-Plays 


Spun off in 1997, online broker Suretrade 
will be folded back into Quick & Reilly 


BY MARIA TROMBLY 
In another example of the 
move away from Internet pure- 
plays, online brokerage Sure- 
trade Inc. will be folded back 
into parent company Quick & 
Reilly Inc. on March 3. 

The two firms are both part 
of Boston-based FleetBoston 
Financial Corp., the seventh- 
largest financial holding com- 
pany in the U.S. 

A “modest number” of the 
325 people working at Sure- 





Quick Facts 


Lincoln, R.I. 


500,000 


customers 


QUICK & REILLY 


New York 


1.3 MILLION 


customers total 


430,000 


online customers 











trade’s Lincoln, R.I., headquar- 
ters will find their jobs elimi- 
nated as a result of the return, 
said Charles Salmans, a spokes- 
man for New York-based 
Quick & Reilly. For 
example, he said, 

there’s a lot of dupli- 

cation in the compli- 

ance departments of 

the two companies. 


Following the Trend 

The consolidation is part of 
a trend toward bricks-and- 
clicks, said Larry Tabb, an ana- 
lyst at Needham, Mass.-based 
TowerGroup. Online-only bro- 
kerages are becoming increas- 
ingly rare, he said. 

“There are still players who 
don’t have physical presences,” 
said Tabb. “Some will be rele- 
gated to being niche players. 
The majority of them will ei- 
ther create a physical presence 
or be acquired.” 

According to Salmans, Quick 
& Reilly spun off Suretrade in 
1997 after rolling out Web- 
based trading in 1996. 

Lincoln, R.I., was chosen as 





| 
| 
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Popular IT Posts 


Most popular Wall Street 

IT jobs for men: 

1. Project management 

2. Account/relationship 
management (tie) 

3. Direct sales 

4. Software architecture 

5. E-business strategy 


Most popular Wall Street 


: IT jobs for women: 
2 1. Project management 
| 2. Account/relationship 


management (tie) 


> 3. Market data services 
|: 4. Marketing/business 


development 


“ 5. Data architecture and 


management 








women who were surveyed 
was 12.5 years, while for men it 
was 14 years. D 


SureTrade’s headquarters be- 
cause the labor market there is 
less expensive, Salmans ex- 
plained. 

After last year’s downturn in 
the stock market, however, 
customers began to demand 


| more individual attention and 


advice, he said. 

“Quick & Reilly was much 
better suited to be able to 
deliver that because of the na- 
tionwide investor center net- 
work that we have,” he said. 

As a result of the consolida- 
tion, Suretrade customers will 
be able to get advice from 

Quick & Reilly bro- 

kers, and Quick & 

Reilly customers will 

be able to use the 

Suretrade online trad- 
ing platform, which will retain 
that brand name. 

The pricing structure will 
also change. Customers cur- 
rently pay $7.95 to $9.95 for on- 
line trades through Suretrade. 
This fee will increase to match 
Quick & Reilly’s online trading 
prices of $14.95 to $19.95. 

Other online brokerages are 
making moves toward the 
physical world as well. 

Menlo Park, Calif.-based 
ETrade Group Inc., for exam- 
ple, will open its first real- 
world branch in New York in 
April. The firm also an- 
nounced plans about two 
weeks ago to open 20 branches 
in Target retail stores, which 
are owned by Minneapolis- 
based Target Corp. D 
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Continued from page 1 


Web Services 


the quote requests and sends 
message receipts and final 
rates. Tom Winn, InsurePoint’s 
chief technology officer, said 
his company would be able to 
offer similar Web services 
from other large insurance car- 
riers because of the built-in 
Web services. 

“Rating is a complicated 
process, and we didn’t want to 
rebuild [functionality] that 
was already available on an- 
other site,” Winn said. “In a 
grand sense, it’s distributed, 
and ultimately, that’s the way 
we want to communicate with 
each insurance carrier, be- 
cause it’s the most efficient 
way to get the information.” 

But as of last week, all of the 








major operating system ven- 
dors — Microsoft, IBM, 
Hewlett-Packard Co. and Sun 
— had competing initiatives 
under way to build software 
that uses remote procedural 
calls) HTTP and XML. They 
also endorse the Universal De- 
scription, Discovery and Inte- 
gration directory, which allows 
businesses to publish the type 
of Web services they offer. 

“This is a call to developers 
that they’re no longer building 
applications for [within the] en- 
terprise,” said Josh Walker, an 
analyst at Forrester Research 
Inc. in Cambridge, Mass. 

Sun’s two-year road map for 
Sun ONE includes a portfolio of 
new software. But two years is 
too long for some companies, 
Walker said, noting, “Bleeding- 
edge firms will not wait.” 

Put General Motors Corp. in 
that camp. GM is building into 


its vehicles a Web services in- 
frastructure that uses Java and 
Sun’s wireless Jini software, 
according to Mark Hogan, 
president of the e-GM unit. 

But the world’s largest auto- 
maker has also infused its ex- 
tensive Web and telematic (in- 
vehicle communications) of- 
ferings with Web services that 
fall outside of Sun’s realm. And 
they won't wait for Sun or oth- 
er vendors to deliver the ser- 
vices and tools. 

Last spring, GM, on its own, 
began revamping its OnStar in- 
vehicle communications ser- 
vice with a distributed infra- 
structure that utilizes Web ser- 
vices in the form of XML- 
based voice files on wireless 
devices. It’s also using Web 
services for a human resources 
portal launched in November 
that can be accessed via the 
Web or television. D 





Continued from page 1 


Wireless LANs 


ber of flaws” in the Wired 
Equivalent Privacy (WEP) 40- 
bit algorithm used to secure all 
IEEE 802.11 standard wireless 
LANs. These flaws, the Inter- 
net Security, Applications, Au- 
thentication and Cryptogra- 
phy (ISAAC) report stated, 
“seriously undermine the se- 
curity claims of the system.” 
The ISAAC report said wire- 
less LANs have several vulner- 
abilities, including a suscepti- 
bility to passive attacks aimed 
at decrypting traffic based on 
statistical analysis — a process 
made easier by the broadcast 
nature of wireless systems. 
WEP also has flaws that make 
it easier to inject unauthorized 
traffic from mobile base sta- 
tions and that make traffic vul- 
nerable to decryption by trick- 
ing the base station, which in 
turn is connected to a wireless 
network, the report said. 
Enterprise network man- 
agers said the ISAAC report 
highlights problems inherent 
in wireless LANs. But they said 
savvy users have already fac- 
tored the vulnerabilities into 
their defensive architecture. 
Michael Murphy, director of 
IS support services at Min- 
neapolis-based Carlson Hotels 
Worldwide, said his organiza- 
tion plans to deploy a wireless 
LAN architecture encompass- 
ing about 250 properties. “I’ve 





been aware of the shortcom- 
ings in WEP for some time,” 
Murphy said. “I want some- 
thing stronger [including] 
VPN encryption.” 

Tom Mahoney, network 
manager at Franklin & Mar- 
shall College in Lancaster, Pa., 
is in the midst of deploying a 
100-node wireless LAN from 
Apple Computer Inc. A virtual 
private network (VPN) “seems 
to be a reasonable solution to 
the problem,” he said. But 
“only end-to-end encryption 
will provide true security.” 

The security warning comes 
as wireless LANs — which cur- 
rently provide high-speed con- 
nections at 10M bit/sec., with 
new products in the pipeline 
that will double that speed — 
continue to gain popularity in 
the corporate and home mar- 
kets. Gartner Group Inc. in 
Stamford, Conn., estimates 
that more than half of Fortune 
1,000 companies will have de- 
ployed wireless LANs within 
two years. 

John Pescatore, a security 


Wireless LAN 
Security 


& The Berkeley report says 802.11 encryp- 
tion is “seriously” flawed, making it easy to 
mount passive and active attacks. 


@ IT managers say users should beef up 
wireless networks with VPNs and end-to- 
end encryption 





® New products include longer keys gener- 


ated on a per-session, per-user basis. 





analyst at Gartner Group, said 
the proliferation of enterprise 
wireless LANs demands in- 
creased security because every 
laptop equipped with a wire- 
less PC LAN card is a potential 
“sniffer.” 

Pescatore said the under- 
ground hacker community is 
hard at work developing 
downloadable scripts to tap 
into wireless LAN networks, 
and he predicted that such 
tools will be available this year. 

“Within six months, ‘script 
kiddies’ are going to be able to 
drive around corporate cam- 
puses” and easily tap into un- 
protected networks, he said. 

Phil Belanger, chairman of 
the Mountain View, Calif.- 
based Wireless Ethernet Com- 
patibility Alliance, down- 
played the ISAAC report. 

“This is not new news,” Be- 
langer said, noting that the IEEE 
has a group working to beef up 
wireless LAN security. Organi- 
zations should take steps to se- 
cure their wireless LANs, he 
said, suggesting that they could 
use 128-bit keys and exchange 
data over VPN “tunnels” when 
using a wireless LAN. 

Vendors started taking steps 
last year to enhance wireless 
LAN security. The Orinoco di- 
vision of Lucent Technologies 
Inc. in Murray Hill, NJ., and 
Cisco Systems Inc. in San Jose 
have introduced products that 
provide automatic encryption 
key generation and distribu- 
tion of enhanced keys on a per- 
session basis. D 
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Sun: Paving the Road to Web Services 


Sun's Web services strategy, Sun 
ONE, is designed to compete with 
Microsoft's .Net initiative. But it 
should pave the way for the devel- 
opment of smart Web services 
that would run on a variety of 
computing platforms, from PCs to 
handheld pagers and cellular 
phones and even communication 
systems built into cars, according 
to Scott McNealy, Sun’s chairman 
and CEO. 

The initiative comprises a tech- 
nology infrastructure culled from 
Sun’s Forte development tools 
and the iPlanet server packages 
that were developed through an 
alliance with Netscape Communi- 
cations Corp. 

Sun plans to deliver the addi- 
tional parts of the Sun ONE infra- 
structure over the next two years, 
Officials said. It includes five 





e-commerce applications built by 
iPlanet, a service deployment en- 
gine that supports XML and a de- 
veloper’s release of the new Web- 
top development tool. 

It also marks a more aggres- 
sive foray into software applica- 
tions and services for Sun, which 
is the maker of hardware and the 
originator of the Java develop- 
ment language. 

Rob Enderle, an analyst at Giga 
Information Group Inc. in San 
Jose, said the transition may prove 
a difficult course to navigate. 

“Sun management does not 
fundamentally understand soft- 
ware,” he said. “Its like a hockey 
team winning the Stanley Cup, 
then deciding that they want to 
play professional basketball or 
football.” 

~ Lee Copeland Gladwin 











Continued from page 1 


Domains 


Numbers (ICANN). 

Vinton Cerf, who took over 
late last year as chairman of 
the ICANN board, defended 
the process through which the 
Marina Del Rey, Calif.-based 
organization approved the 
new domains. But he agreed 
that ICANN should reassess 
the process. “I absolutely ac- 
cept the idea that we need to 
re-examine the procedures 
that we used,” Cerf said during 
the hearing. 


Procedural Challenges 


Members of the Commerce 
subcommittee pulled no 
punches with Cerf and other 
ICANN officials. 

“ICANN was not given au- 
thority to assume [a policy- 
making] function and [yet] ap- 
pears to be accountable to no 
one except God almighty for 
its actions,” said Rep. John 
Dingell (D-Mich.). 

Rep. Edward Markey (D- 
Mass.), vice chairman of the 
subcommittee, added that 
events at the Vatican “are 
shrouded in less mystery than 
how ICANN chooses new top- 
level domains.” 

The examination of ICANN’s 
procedures stems from its han- 
dling of the top-level domain 
selection process that resulted 
last November in the approval 
of seven new domains — .aero, 





biz, .coop, .info, .museum, 
-name and .pro — that are due 
to join existing domains such 
as .com and .org. More than 
200 proposals were submitted 
by 44 applicants, each of 
whom had to pay a $50,000 ap- 
plication fee. 

The ICANN board decided 
to limit the introduction of new 
top-level domains, at least ini- 
tially, to keep the changes to 
the domain name system at a 
manageable level. But in doing 
so, it rejected applications 
from companies that seeming- 
ly met all the predefined tech- 
nical and financial require- 
ments. Critics accused the 
board of running a subjective 
and arbitrary selection process. 

The subcommittee could ex- 
ert a heavy hand on ICANN by 
asking the U.S. Department of 
Commerce to halt the intro- 
duction of the seven new do- 
mains. But Rep. Fred Upton 
(R-Mich.), the panel’s chair- 
man, said after the meeting 
that he doesn’t expect to take 
that step. “I don’t think anyone 
is seeking to see that happen at 
this point,” he said. 

That’s apparently a relief for 
Cerf. “I think we need to get 
going on the first set [of new 
top-level domains],” he said in 
an interview. “The sooner we 
can get them up and running, 
the sooner we will get some 
feedback, and that will satisfy 
our uncertainty” about the 
ability of the naming system to 
handle more top-level do- 
mains, he said. D 
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U.S.-funded machines are launching pads 
for cyberattacks on business Web sites 





BY DEBORAH RADCLIFF 
LITTLE OVER a 
year ago, on Feb. 7, 
2000, the first 
wave of distrib- 
uted denial-of-ser- 
vice (DDOS) attacks hit Inter- 
net portal Yahoo Inc. During 
the next few days, other high- 
profile Web sites — including 
eBay Inc., Buy.com Inc., Ama- 
zon.com Inc., ETrade Group 
Inc. and CNN.com were 
knocked off the Net by millions 
of packets coming from thou- 
sands of far-flung computers. 

But the stage was set for 
those high-profile attacks back 
in the summer of 1999. That’s 
when university systems began 
finding software agents — tools 
planted by hackers to launch fu- 
ture denial-of-service attacks 
— hidden on unprotected ma- 
chines inside their sprawling 
networks. In August of that 
year, a preliminary DDOS inci- 
dent took down several hun- 
dred hosts at universities. 

So it wasn’t a huge surprise 
that, when the full-scale DDOS 
assault happened in February, 
many attacks could be traced 
back to computers tucked 
away in research departments 
at Stanford University, the 
University of California at 
Santa Barbara, the University 
of Washington, Oregon State 
University and James Madison 
University, to name a few. 

“Why were universities so 
involved in these attacks? 
Because they’re naked,” said 
Stephen Northcutt, head of 
the SANS Institute’s Global 
Incident Analysis Center in 
Bethesda, Md. “They’re sitting 
out there on the Internet with 
no firewalls or anything.” 

So naked are many of these 
university computers that the 
problem caught the attention 
of Jeffrey Hunker, who was 
director of the critical infra- 
structure outreach program at 
the National Security Council 
(NSC) during the Clinton ad- 
ministration. 





“Universities were a major 


contributor to the DDOS at- 
tacks. They’ve always been a 
major contributor to security 
problems. This is clearly an 
area which I believe the [Bush] 
administration should tackle,” 
Hunker said. 


vestigator at New Technolo- 
gies Inc. in Gresham, Ore., said 
securing computers at univer- 
sities is complicated by a num- 
ber of factors: lack of money, 
transient students who run 
(and tinker with) the machines 
and zero accountability. Uni- 





NEWS 


University Computers 
Remain Hacker Havens 


| Changes Afoot 





versity IT departments don’t | 
have responsibility for secur- | 
ing the research machines — | 
and it’s not clear who does | 


have that responsibility. 

“In many universities, there’s 
really no way for IT staff to 
know what machines are out 
there, especially in the research 
areas,” said Randy Marchany, 
coordinator of a computer se- 
curity center for Virginia uni- 
versities, which he operates out 
of Virginia Polytechnic Insti- 
tute and State University (Vir- 
ginia Tech) in Blacksburg, Va. 

Hackers have long consid- 
ered university systems their 
playground, according to a 28- 
year-old East Coast hacker 
who goes by the handle “Yet- 
zer-Ra.” The research comput- 
ers have the Internet access 
and processing power to do 
most anything hackers want 
them to do — and often they sit 
unsupervised and unused. 


No Money for Admins 

Typically, the computers 
themselves were obtained with 
grants from U.S. science agen- 
cies that are more interested in 
advanced research than com- 
puter security. 

“Researchers are given mon- 
ey by the National Science 
Foundation [NSF] and the Na- 
tional Institutes of Health to 
buy computers to conduct re- 
search. But they can’t use that 
money for system administra- 
tors or security manpower. 
They can only use that grant 





| with 
Kurt Bryson, a forensics in- | 


money for equipment,” ex- 
plained Dave Dittrich, a senior 
security engineer at the Uni- 


versity of Washington in Seat- | 
tle. Dittrich was one of the first | 


people to discover denial-of- 
service agents lurking in uni- 
versity networked systems. 


When researchers get these | 


government-funded comput- 
ers, they plug them in, replete 
all their default 


Ppass- | 


words, vulnerable services, un- | 


patched programs and listen- 
ing ports. Student researchers 
reconfigure the machines, add 
and delete a lot of software and 


should hold the grantees ac- 
countable — or how. 

Clamping down on_ re- 
searchers could chill the very 
innovation the grant programs 


1 


government-funded research 
itself — could be stolen. So his 
department is working with 
Educause, a Washington-based 
nonprofit association of 1,800 
universities, address the 
problem. 


to 


Last July, Educause formed a 
task force on systems security 


| that’s disseminating to univer- 


are trying to foster, said George | 
Strawn, executive officer of the | 


NSF’s Computer, Information 


Science and Engineering Di- | 


rectorate in Arlington, Va. 


“First of all, great things hap- | 
pen in our distributed univer- | 


sities when you get rid of some 
of the bureaucracy tied to IT 


support. It unleashes a lot of | 


creativity,” said Strawn, who 


comes from a university sys- | 


DAVE DITTRICH at the University of Washington says university grant 
money is restricted to equipment, so security is neglected. 


then move on, leaving the ma- 


chines to other students, or in | 


some cases, to no one. 

So last summer, Hunker 
called the NSF to discuss 
changing the grants process so 
that agencies could fund com- 
puter security, too. But an NSF 
spokesperson responded that 
it’s not up to the granting 
agency to ensure that systems 
are properly secured. 

A White House Office of 
Management and _ Budget 
(OMB) memo acknowledges 
that securing and managing 
computer equipment is up to 
the grantees. But the OMB 
document doesn’t say who 





tems background. 
“The research universities 


| helped build the Internet,” he 


continued. “Now they’re work- 
ing on Internet 2. And new pro- 


sity IT departments some tacti- 
cal guidelines for DDOS detec- 
tion, prevention and response. 
Educause has several security 
working groups, including a 
fast-hit program to try to get 
universities to at least address 
the top 10 vulnerabilities and 
an awareness committee to ed- 
ucate nontechnical university 
officials and research faculty. 
“We've been well aware of 
the security problems at uni- 
versities and colleges — and 
the fact that higher education 


| was implicated in the DDOS 
|} attacks,” said Mark Lukor, an 


Educause vice president. “Every 


| one of those 1,800 campuses 


involved in our program is 


| working on their own campus 
| security now, so you're already 
| starting to see some change. 


But it’ll probably take a year or 


two to educate everyone.” 


Plus, universities themselves 


| are forming Computer Incident 
| Response Centers such as the 
| one in Virginia. And Virginia 


Tech has started to keep track 


| of the machines on its network 





by charging a $5 “port fee” for 
any new computer plugging in 
to the network. At the time of 
the new connection, an admin- 
istrator is assigned oversight 
for that machine. 

These are steps in the right 
direction and will reduce the 


| risk of universities wreaking 


| com, said observers. But 


tocols, like the IT infrastructure | 


to support full-motion video 
and telepresence, are coming 
out of these universities, too. A 


firewall would pretty much kill | 
| consultant at the University of 
| California at Davis. 


that kind of innovation.” 
However, Strawn acknowl- 


edged there are downsides to | 
bad security at the university | 
| tem for the past three months,” 


level. One is the legal liability 


to Web businesses that get | 
| attacks are or will be forming 


hacked from university com- 


puters. Another is the fact that | 
intellectual property — the | 


havoc on Internet neighbors 
such as Seattle-based Amazon.- 
acad- 
emia has a long way to go to 
eliminate its role as the weak- 
est link in the security chain. 
Universities are already wor- 
ried about a new type of dis- 
tributed attack that could be 
launched from academic sys- 
tems, said Tedd Heberlein, a 
computer security research 


“We’ve had FTP attacks rag- 
ing through the university sys- 
he said. “And my guess is these 


the backbone for some sort of 
future distributed attacks.” D 
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It couldn't have come at a better time. With 
eBusiness storage needs typically doubling every 
18 months, and the growing demand for 100% 
uptime and availability of servers, IT administrators 
are facing ever-greater challenges. 

New ARCserve® 2000 is the answer. SAN environ- 
ments are becoming increasingly popular as busi- 
nesses recognize the importance of a separate 
storage management infrastructure. With serverless 
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Store Plus Hundreds Of Other Enhancements. 


backup and restore, ARCserve 2000 represents The new Web-based GUI delivers the power 
a major breakthrough in data storage. With SAN, to manage far-flung data backup and recovery 
there are several new industry-leading capabilities operations from a single location. And disaster 
like shared tape libraries and high-speed data recovery can be as simple as a single step. 
transfer. High performance, industry standards, easy to 
ARCserve 2000 leverages industry standards use, and unprecedented value. Just a couple of 
for assured compatibility with incredibly easy imple- reasons why new ARCserve 2000 is the best 
mentation. It offers the first scalable, proven enter- Storage solution for the eBusiness revolution. 
prise-class data protection that’s really easy to use. Visit ca.com/arcserve for more information. 
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Wireless Technology 
Changes the Face of CRM 


Analysts predict widespread acceptance 
of technology in near future 


BY MARC L. SONGINI 
ENERAL Motors 
Corp. helps dri- 
vers figure out 
what to do when 
the ambiguous 

“check engine” light goes on. 

For subscribers to the De- 
troit-based company’s OnStar 
wireless customer relationship 
management (CRM) program, 
special diagnostic services are 
available to let drivers know 
whether the light is an indica- 
tion to pull over immediately 
or drive to the nearest garage. 

The said Bruce 
Radloff, CIO at GM’s OnStar 
unit, includes wireless links to 
a call centers running CRM ap- 
plications from Cupertino, 
Calif.-based Chordiant Soft- 
ware Inc. 

OnStar, been 
available for five years, has a 
high retention rate, and GM 
has been able to use it as a sales 
tool, said Radloff. 

This may be the future look 
of CRM, according to analysts. 

The proliferation of wireless 
technologies such as the Wire- 
less (WAP) 
format as 
well as devices such as smart 
cell phones, personal digital 
assistants (PDA) and pagers 


service, 


which has 


Access Protocol 


communications 


will change the face of CRM, 


said Dan Goldsmith, a consul- 
tant at PricewaterhouseCoop- 
ers in New York. Within a few 
years, salespeople and mobile 
service personnel will be able 
to access relevant customer 
data with Web-enabled hand- 
held devices they 
may be, increasing efficiency 
and helping their companies to 
cut expenses, he said. 


wherever 


New Alliances Forming 


Very few wireless CRM sys- 


tems have been up and running | 
as long as OnStar, and the un- | 
| emerging countries. 


derlying technology has seen 


limited acceptance. However, | 


that could start to change as 


early as this year, say analysts, | 
because a number of heavy- | 


weight vendors, such as Micro- 


| conditions in 


soft Corp., Siebel Systems Inc. 
in San Mateo, Calif., and Palm 
Inc. in Santa Clara, Calif., have 
Start 
business 


announced alliances to 


delivering wireless 
applications to before 
the end of the year. 

Wireless 


users 


make it 
and sales 


devices 
easier for service 
personnel to access CRM data 
anywhere. And with support 
costs of about $1,500 per year, 
they are far cheaper to main- 
than PCs, which 
$15,000 annually per user, said 
Goldsmith. 

And customers themselves 
should be able to start access- 
ing service applications with 


tain cost 


wireless devices within a few 
years, say analysts. Indeed, a 
report released last month by 
Newton, Mass.-based Cahners 
In-Stat Group indicated that 
wireless devices will surpass 
PCs as the popular 
method of accessing the Web 
over the next several years. 
Customers are already able 


most 


to use wireless devices to 


check the status of packages | 


being delivered by 
Atlanta-based Unit- 
ed Parcel Service of 
America Inc., which 
rolled out the 
vice in September. 
UPS customers can 
determine the 
estimated delivery 
times of their pack 


ser- 


also 


ages using PDAs or 
cell phones. 


UN, IT Leaders Brainstorm 
On Foreign Development 


Officials discuss 


best use of IT to aid | 


developing nations 


BY THOMAS HOFFMAN 
NEW YORK 

While business and govern- 
ment leaders hunkered down 
to discuss global issues in the 
tiny resort village of Davos, 


| Switzerland, last week, a group 
| of United Nations delegates 


and IT industry officials gath- 
ered here to discuss possible 
approaches to leveraging IT to 
improve social and economic 
developing 
nations. 

The upshot is that govern- 
ment, academia and business 
need to partner more often to 
create business and education- 
al opportunities for citizens in 
But to 
help make that happen, said at- 
tendees, governments will 
have to open their markets to 
investment capital. 

The problem for many un- 





derdeveloped nations is that 
“there is a severe lack of capi- 
tal,” which is needed to im- 
prove primary and secondary 
education, as well as to sup- 
port the growth of industry 
and improve the existing com- 
munications _ infrastructures, 


| said Percy Mangoaela, the UN 
ambassador from Lesotho. 


Mangoaela was one of 17 at- 
tendees of the roundtable dis- 


| cussion co-sponsored by the 


UN Working Group on Infor- 


ONSTAR CIO Bruce 
Radloff: Wireless 
CRM boosts sales. 


It costs UPS 10 cents per call 
to access CRM data via wire- 
less Web connections. Using a 
phone, the cost rises to $2.50 


per call. 


| Obstacles to Implementation 


Still, there are obstacles to 
implementing wireless CRM 
systems. 

Although the technology un- 
derlying CRMis sound, said 

Goldsmith, compa- 

nies need more de- 

vices that can com- 
municate in a wire- 

less format to achieve 

greater results. 

For instance, that 

cell phones to scan 
bar codes or read 
customer informa- 
tion off of jukeboxes 


worldwide association of IT 


| professionals based in Kings 


Park, N.Y. The event was held 
at the residence of the Danish 
Mission to the UN. 

One organization that’s help- 
ing is New York University 
(NYU). The school is working 


| with U.S. and Albanian govern- 
| ment agencies and businesses 


to set up a computer sciences 
degree program for several 


| hundred students in Albania. 
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| or automated teller machines. 


Plus, making CRM applica- 
tions run on a variety of wire- 
platforms — _ including 
and Windows 


less 


Palm devices 


| CE-based appliances — is an- 


other major obstacle. 

Some potential corporate 
customers are hesitant as well. 
Indeed, of 581 companies sur- 
veyed recently by Hurwitz 
Inc. in Framingham, 
Mass., less than 32% said they 
have plans to use wireless de- 
vices in their e-business roll- 


Group 


outs. The companies studied 


ranged in size from under $50 
million to over $10 billion. 
“We have an interest, but 


| [wireless CRM is] not there 


yet,” said Frank Ammerman, 
vice president of business sys- 


| tems at IBSi LLC, a Lancaster, 


Pa.-based distributor of em- 
ployee benefits products. IBSi 


| currently uses CRM applica- 
tions from Youcentric Inc. in 
could mean enabling | 


Charlotte, N.C., and is explor- 
ing the possibility of moving to 
wireless CRM _ applications 
later this year. “The potential is 
there,” said Ammerman BD 


| ernment officials that students 


| will 


receive long-distance, 


| computer-based learning from 


The program is scheduled to | 


| open in about 18 months, said 


David Finney, dean of NYU’s 


| School of Continuing and Dis- 
tance Education. 


Still, Finney acknowledged 


| that one of the biggest chal- 


lenges that countries like Alba- 


matics and AIT Global Inc., a | nia face is a fear among gov- 


& Se 


A GROUP OF UNITED NATIONS delegates and IT industry officials gath 
ered in New York to discuss possible approaches to leveraging IT to im- 
prove social and economic conditions in developing nations. 


| done’ 
| government, 





IT professors in New York and 
then be courted to work for 
U.S. companies. 


Preventing ‘Brain Drain’ 

That’s certainly true in In- 
dia: 60% to 70% of computer 
science students who are at- 
tending elite universities there 
“are being recruited by foreign 
companies,” said Nitin Desai, 
the undersecretary general for 
the UN’s Department of Eco- 
nomic and Social Affairs. 

“A lot more work needs to be 
’ in partnerships between 
industry and 
academia in India to prevent 
the “brain drain” that has been 
occurring there, Desai added. 

Perhaps the most somber 
message came from Martin 
Belinga-Eboutou, the UN am- 
bassador from Cameroon who 
is also the president of the UN 
Economic and Social Council. 

“Eighty-eight percent of the 
world’s Internet users [live] in 
industrialized nations. In Afri- 
ca, we have less than one tele- 
phone per 100 inhabitants,” 
said Belinga-Eboutou. “So talk- 
ing about the use of informa- 
tion technology for social and 
economic development is a 
huge problem [for us].” D 
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As more ISPs and ASPs demand high availability, the consequences of a power failure to web 
hosting and colocation facility providers can be devastating. Businesses who provide internet 
access and infrastructure can't rely on the “oid” utility grid system. You need clean, ultra-reliable 
power in a setting free from damaging heat densities. In other words, you need Liebert. 


Register for this 
High Priority Read 
on High Availability. 
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We're using our 30+ years of experience protecting critical systems to create a world with incredi- www.ispd1 liebert.com 
bly clean, dependable power. Liebert delivers this "new" power in a variety of forms — from on-line : i 
info@liebert.com 


UPSs to three-phase power protection to unique AC/DC hybrid solutions. But our comprehensive 
protection doesn't stop there. it also includes our precision air products, as well as remote site 
monitoring and the world’s largest service organization. 


For more information on Liebert’s comprehensive protection, visit us as www.ispd1.liebert.com. 


© 2001 Liebert Corporation. All rights reserved throughout the world. Specifications subject to change without notice. 
All names referred to are trademarks or registered trademarks of their respective owners. 
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THE MYTHICAL FIVE NINES. 99.999%. AS CLOSE TO PERFECT 


For a server operating system, the five nines are a measure of reliability that translates into just over 
five minutes of server downtime per year.* Of course, rumors of this 99.999% uptime usually start 
under ideal lab conditions. But where are these five nines when your company needs them? If you’re 
using Microsoft® Windows® 2000 Server-based solutions, they may be closer than you think. Today 
Starbucks, FreeMarkets and MortgageRamp, an affiliate of GMAC Commercial Mortgage, are using 
- Windows 2000 Server-based systems that are designed to deliver 99.999% server uptime. With 
e | Windows 2000 system architecture improvements for higher server uptime plus fault-tolerant and redundant systems 
Server Family for increased availability, the Windows 2000 Server platform is helping these companies maximize 


tside of the operating system, including other hardware and software technologies, mission-critical operational processes and professional services. 





AS YOU CAN GET WITHOUT BREAKING SOME LAW OF NATURE. 


uptime and minimize network interruptions. But a server OS alone doesn’t get you five nines, which is 
why we've teamed up with industry-leading system providers to ensure that the right combination of 
people, process and technology is utilized. Industry leaders such as Compaq, Hewlett-Packard, Unisys, 
Stratus and Motorola Computer Group can work with you to deliver solutions with up to five nines uptime 
with their custom-built Windows 2000 Servers shipping today. Of course, not all installations require 
this level of reliability, but one thing is for sure: The Windows 2000 Server family can help you get 
to the level of reliability you need, even five nines. To learn more about server solutions you can 

count on, visit microsoft.com/windows2000/servers 
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GM Considers Online Sales Site for All Makes 


BY JENNIFER DISABATINO 


General Motors Corp. is con- | high-pressure sales pitch. 


sidering a venture that would | 
allow consumers to compari- 


| son-shop for cars without 


Ina filing with the Securities | 
| and Exchange Commission | as the one run by Culver City, | 


a | (SEC) Feb. 2, the Detroit-based 
| automaker said it would either 


buy an existing Web site, such 
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Calif.-based CarsDirect.com 
Inc. or start one on its own 
with investment from dealers. 
GM is also proposing to sell 
its vehicles and offer informa- 
tion on the site for other makes 
and models of cars, citing re- 
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search that indicates many 
consumers prefer “indepen- 
dent” dealers on the Web. 

The GMBuyPower.com Web 
site, which sells GM vehicles 
exclusively, will continue to 
operate, according to the filing. 

The proposed company, to 
be called AutoCentric JV LLC, 
will be formed only if there 
is “sufficient interest among 
the GM dealers,” according to 
the SEC filing. The filing is a 
notification of intent to sell 
shares in the venture, should 
dealers show sufficient interest. 


Integration Slow but Steady 

The offering is good news 
for consumers, said Hiro Mori, 
an analyst at Automotive Con- 
sulting Group Inc. in Ann Ar- 
bor, Mich. 

At the very least, consumers 
can do their research online at 
home before approaching a car 
salesman on the lot, he said. 

However, getting some deal- 
ers to buy into this may be 
tricky, since it may require 
some standardization of inven- 
tory-tracking software. Deal- 
ers have resisted such attempts 
at standardizing systems be- 
fore, Mori said. Plus, different 
departments within GM, such 
as sales and purchasing, may 


| not use the same software. 


“GM does not now have 


| good data on consumer trends 
| to put into a production sched- 
| ule,” 
| Three auto manufacturers — 


Mori said, but the Big 


GM, Ford Motor Co. and Daim- 
lerChrysler AG — are working 


| on projects to internally inte- 
| grate their own different sys- 
| tems and software. 


“(Their] information-pro- 
cessing ability will improve in 
the future,” said Mori. “That’s a 
big task. I don’t think it’s going 
to happen overnight. But, I 
think everybody’s moving in 
that direction.” 

In the SEC document, GM 
said it may not sell cars direct- 


| ly but could work through 
| dealers who buy shares in the 


online company. Those com- 


| panies could offer all or part of 


their inventory online. 

The dealers could then offer 
cars with an “e-price,” or a firm 
price that avoids haggling on 
Web-listed inventory. Or, the 
dealer could list the models as 
“referrals,” or vehicles that are 
in stock but without a price, 
which allows more room for 
bargaining. 

A customer would then con- 
tact the dealer and ask for a 
price on the “referral” cars. D 
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IBM Combines Server 
Units Into One Group 


IBM is undertaking an internal 
restructuring under which the com- 
pany is combining its server units 
into a single organization and set- 
ting up a new product group that 
will include its PC, printer and 
retail-store software operations. 

As part of the restructuring, IBM 
has moved its xSeries line of Intel- 
based servers from the PC division 
to its server group, which previously 
had responsibility for the company’s 
mainframes and AS/400 and 
RS/6000 product lines. 


Microsoft Adds ‘XP’ 
To Windows, Office 


Microsoft Corp. has added “XP” at 
the end of the names of its new ver- 
sions of Windows and Office. The 
initials, which stand for “experi- 
ence,” are meant to symbolize “the 
rich and extended user experiences 
Windows and Office can offer by 
embracing Web services that span a 
broad range of devices,” Microsoft 
said in a statement. 

Office XP - formerly dubbed Of- 
fice 10 - should get a public release 
by the end of the second quarter. 
Windows XP - formerly known by 
its code name, Whistler - is expect- 
ed to make its market debut in the 
second half of this year. Microsoft 
said it will release additional details 
about Windows XP on Feb. 13. 


J.D. Edwards Shakes 
Up Management 


Business applications vendor J.D. 
Edwards & Co. last week warned 
that it expects to report a loss for its 
fiscal first quarter and said it’s 
bringing in a new chief operating 
officer, in addition to another exec- 
utive who will take over direct 
responsibility for the company’s 
marketing activities. 

Denver-based J.D. Edwards 
projected a loss from “normalized 
operations” of up to 2 cents per 
share during the quarter ended 
Jan. 31, on revenue of $208 million 
to $218 million. That’s down from 
$232 million in the same period a 
year ago, when the company report- 
ed a net profit of $3.6 million before 
accounting for some acquisition- 
related costs. 








Launch $80M Start-up 


NEWS 
Novell and Partners 





Volera promises to better content delivery 





| BY MARC L. SONGINI 





GROUP OF major 

industry players is 

launching a start- 

up that boasts it 

will offer services 

and products that will boost 

Web content delivery for en- 
terprise networks. 

Representatives from Novell 

Inc.; Brampton, Ontario-based 

Nortel Networks Corp.; and 


| Chicago-based Accenture re- 


cently announced the creation 
of Volera Inc. The 6-month-old, 
$80 million firm is based in San 


| Jose and has 170 employees. 
|  Volera executives said it will | 


| B2B exchange had 





| 
| 
| 
| 





give enterprise networks and 
Internet service providers in- 


tegrated caching and content- | 


| makers that will then resell it 


| 
| 
| 





“under the hood” to corporate 
end users, said David Willis, 
program director of global net- 
working strategies at 
Group Inc. in Stamford, Conn. 
Volera will also sell its con- 
tent exchange services hand- 
in-hand with content delivery 
service providers such as Cam- 
bridge, 


Meta | 


Mass.-based Akamai | 


| Technologies Inc. 


| Volera’s offering, there could 


| be an indirect impact on enter- 
prise users who need to man- 
age large amounts of Web traf- 
fic internally. But, Willis said, 


“there is a trade-off between | 
| too late, that the Novell brand 


bandwidth consumption and 
the cost of moving content to 
the edge of the network.” 

Also significant is Novell’s 


move to offer products through | 
“Historically, | 





a third party. 
Novell’s brand has been sacred 


| ALIA EEE A eT Pare he 
| ATAGLANCE 
Volera Inc. 
Headquarters: San Jose 

Partners: Accenture, Nortel, Novell 
Funding: $80 million 


Purpose: Offer products and services to 


| boost the quality and speed of the delivery 


of secure multimedia Web content 
Number of employees: 170 


President: Simon Khalaf 


to them,” said Willis. “Now 
they’ve realized, perhaps a bit 


has so many legacy connota- 
tions, they have to separate 
themselves from it.” 

Volera will start to deliver 
products within one month, 
said Khalaf. D 





‘Dell Closes Marketplace After Four Months 


management products, as well | 
as services to boost the quality | 
and speed of the delivery of se- | 


cure multimedia Web content. 


| Novell's Role 


Novell will be chief equity 
partner and a contributor of 
technology and personnel from 
its Net Content Services Group, 
said Simon Khalaf, Volera’s 
president and a former Novell 
executive. Novell CEO Eric 
Schmidt will be the start-up’s 
chairman. 

Last fall, Novell had hinted 
of its intent to spin off its Net 
Content division. As part of 
the deal, Novell will turn over 
to Volera its Internet Caching 
System (ICS) software, which 
will subsequently be known as 
Excelerator. ICS-enabled ap- 
pliances, such as Compaq Com- 
puter Corp.’s C-Series Task- 


Smart Web acceleration server, 


can cache and serve up popular 
Web pages without having to go 
to the original Web server. 
Volera will also offer No- 
vell’s Content Exchange Web 
acceleration and redistribution 
service for Web hosting cen- 
ters, said Khalaf. However, the 
Volera Web site states that the 
company will also work to de- 
velop its own offerings. 
Although the road map is a 
bit vague, Volera will sell its 
technology to Web appliance 


too few participants 


BY TODD R. WEISS 


Analysts said Dell Computer | 
| Corp.’s sudden shutdown of a | 
business-to-business exchange | 


it launched with great fanfare 


just four months ago is more | 
evidence that companies need | 
to be sure of what they’re do- | 
ing before they dive into Inter- | 
| joined the exchange. 


net-based business strategies. 


Like many participants in | 


such exchanges, Round Rock, 
Texas-based Dell was lured by 
predictions that online market- 
places would make good sales 
channels, said Ronald Exler, an 
analyst at Robert Frances Group 
in Westport, Conn. “They got 
caught up in the hype,” he said. 
“] think they probably didn’t 
realize the nature of what they 
were getting into.” 


| Last week, the PC maker 
| confirmed that Dell Market- 


| Mountain View, Calif.-based 
Ariba Inc. and other software 
vendors to set up the exchange 
as a site where users could 


shop for products from Dell | 


and other companies. But it 
pulled the plug after only three 
suppliers — 3M Co., Motorola 
Inc. and Pitney Bowes Inc. — 


Rob Rosenthal, an analyst at 


said the speed with which Dell 


gave up on the venture is note- 
worthy. “They might not have | 
realized [up front] that it was | 
going to be a longer-term ven- | 
ture [to make the exchange a | 


success],” he said. 





| place, the exchange it launched | 
| in October, was closed earlier | 
| this month. Dell teamed with | 


IDC in Framingham, Mass., | 


Dell spokesman Ken Bissell | 
declined to say how much the | 
company had invested in the | 








Buh-Bye, B2B 


Dell abandoned its online busi: 
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after only four months, citing a lack of customer interest. 
@ Opened www.dellmarketplace.com in October with 
three online suppliers — Pitney Bowes, 3M and 
Motorola — to offer business customers a one-stop site 
for Dell computers and other business goods 


® Held talks with other suppliers to add products, but nego- 
tiations failed to lead to more vendor agreements 


® Will continue bundling servers with Microsoft software 
and e-business services from Lante Corp. as it tries to sell 
the idea of online marketplaces to its own customers 


| business-to-business 











venture. The decision to close 
the exchange wasn’t based on 
the small number of partici- 
pants, Bissell said, but he 
acknowledged that the collab- 
orative commerce showcase 
that Dell had in mind is “some- 
what immature.” The company 
quickly discovered that cus- 
tomers aren’t ready to use ex- 
changes such as Dell Market- 
place in droves, he said. 

Some users had asked Dell 
to develop a Web site with the 
capabilities that the exchange 
offered, Bissell said, “but as 
things sometimes go, you recog- 
nize that situations can change.” 


More Bad News 


The exchange’s shutdown 
comes two weeks after Dell 
warned that profits will likely 
be below expectations in its 
fiscal fourth quarter, which 
ended Feb. 2. 

Dell will now use Supplier 
Advantage, a program it set up 
with Microsoft Corp. to market 
technol- 
ogy to users who want to cre- 
ate their own online market- 
places. That offering bundles 
Dell’s servers with software 


| from Microsoft and consulting 


services from Chicago-based 
Lante Corp. 

Bissell insisted that prospec- 
tive Supplier Advantage cus- 
tomers shouldn’t view Dell's 
pullout from its exchange as an 
ominous sign for their online 
ventures. “I don’t see it as a 
mixed message at all,” he said. D 
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MARK HALI 


Inactive Directory 


RAND VISIONS IN computing require simplistic expla- 
nations. Pity they don’t work that well. 

In the 1980s, IBM’s majestic breadth of operating envi- 
ronments was supposed to be unified under its famed 
Systems Network Architecture. SNA was to bring 


all of IBM’s technologies together. 
Well, eventually. Uh, sort of. 

Now it’s Microsoft’s turn to give us 
grand visions of rationalization for a 
platform strategy that’s getting (in- 
tentionally) out of control. This week, 
the company will announce Windows 
XP, an addition to an operating sys- 
tem lineup that includes Windows 95, 
Windows 98, Windows NT, Windows 
CE, Windows 2000 Professional, 
Windows 2000 Server, Windows 
2000 Advanced Server, Windows 
2000 Data Center and even little ol’ 


MARK HALL is Computer- 
world’s West Coast 
editor. You can contact 
him at mark_hall@ 
computerworld.com. 


line, you come across consistent 
complaints about how hard it is to 
get Microsoft’s Kerberos to work 
right. You also hear about the night- 
mare you'll face if you try to install 
Active Directory when your domain 
name server happens to run on Lin- 
ux, Solaris, NetWare or anything 
else. Horror stories abound. 
Microsoft’s answer is simplicity it- 
self: You’ll have none of those prob- 
lems if you just move all of your IT 
operational management to Active 
Directory. That’s just what IBM said 


Windows Me. 

Microsoft’s simple solution to its operating 
systems proliferation problem is said to be Ac- 
tive Directory. Its duty will be to keep all of the 
user, resource and application information cur- 
rent, distributed and managed among whatever 
you've got on your network. Even if it happens 
to be cross-platform. (It sure is nice when Mi- 
crosoft recognizes the real world.) 

That’s why Active Directory is based on 
LDAP, Kerberos, MAPI and other industry stan- 
dards. But because Active Directory insists on 
controlling down to the network protocols, it 
will play nice only on a network where it’s the 
master and all other directory servers and ser- 
vices are slaves. If you chat with system admin- 
istrators or surf the Windows chat boards on- 


when you complained that your 
Unix-based Internet services didn’t mesh well 


| with SNA. 


No one talks about SNA much these days. Co- 
incidentally, not many people are doing much 


| with Active Directory these days either. Al- 


though Microsoft announced last week that it 


will reach the 1 million mark this month for Win- | 
| dows 2000 server licenses, the company is un- 
| characteristically modest about how many Ac- 
| tive Directory installations it has so far. Some re- 
| ports say as few as 15% of all Windows 2000 up- 
| grades include Active Directory in their rollouts. 


Like IBM’s grand vision of SNA, Active Direc- 


| tory is a simple, monolithic answer to a com- 


plex, heterogeneous problem. 
So far, most users think it’s the wrong answer. D 
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PIMM FOX 


Ariba Buyout of 


Agile May Aid 


TT on B2B 


RIBA SAYS Agile Software’s col- 
laborative commerce expertise is 
the primary reason it’s paying 


| $2.4 billion to buy Agile. 


Collaborative commerce, or c-commerce, is a 
new iteration of B2B in which personnel, business 
partners and customers come together across sev- 


| eral business processes to ease information flow. 


It will also spur B2B industry consolidation, 


| which can’t happen quickly enough. By next year, 
| according to Gartner Group, there will be more 
| than 3,000 B2B marketplaces. About 5% will make 


it, Gartner says; another 15% will be acquired or 
will merge, and the rest — well, RIP. 
Ariba’s purchase should begin a chain of events 
to help users sort through 
all of the e-business prod- 
ucts on the market. 
And despite the business 
school notion that consoli- 
dation is bad for technolog- 


| ical innovation and will in- 
| crease prices, it’s time for 
| some severe rationalization. 


w= > > Ss > 7 » oe 
The lure to streamline intent 


Computerworld’s West 
Coast bureau chief. Con- 
tact him at pimm_fox® 


back-end systems with new + agi 


Web-enabled front ends 
looks fabulous in a PowerPoint presentation or at 
an industry conference. But in reality, the prospect 
of streamlining it all looks chaotic. 

“There are so many things out there: ERP, sup- 
ply-chain execution, warehouse management sys- 
tems,” says Karen Peterson, research director at 
Gartner. “If someone tries to sell one more thing, it 
is a huge challenge for companies’ IT departments 
to implement. Everyone is looking for one throat 
to choke.” 

That’s a natural response, given the trend over 
the past four years. 

Having evolved from static supply-chain planning 
applications to order-execution applications, then 
to full software suites that offer integration with 
transportation-management systems, B2B market- 
places are morphing into c-commerce operations. 

And as the Internet and c-commerce come to- 
gether, a boatload of collaborative interfaces and 
products, such as Common Object Request Broker 
Architecture and Component Object Model, have 
made selection more — not less — difficult. 

There are no c-commerce market leaders, and 
most collaborative commerce still centers on elec- 
tronic procurement for product development and 
product life cycle processes. But this will change 
as c-commerce makes inroads with traditional 
manufacturing companies; robust commerce net- 
works will permit easier connections to supply- 
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chain management systems and more standards. 

Yet this is still a dream. 

“I’m not convinced vendors can drive standards, 
which means you still have these different solu- 
tions to wade through,” says Peterson. 

Public exchanges like i2 Technologies’ Trade 
Matrix (for supply-chain collaboration) and my- 
SAP.com’s Marketplace (for business application 
integration), as well as private exchanges, repre- 
sent different c-commerce products. Anything that 
simplifies varying approaches will help IT organi- 
zations map coherent e-business strategies. Having 
“one throat to choke” at least assigns responsibility 
for the best c-commerce scenario. 

So, by acquiring Agile, Ariba is squarely in posi- 
tion to exploit this new market. At the very least, it 
means one less vendor to sort through. D 


i Faces Emerging 
Global Agenda 


USINESS IT’S first half-century be- 

gan in London and Louisville, Ky., 

where the first business computers 
were installed. The second half-century 
began last month in Davos, Switzerland, at the an- 
nual World Economic Forum. 

IT professionals pay little attention to the global 
economic issues discussed by heads of state and 
corporate chairmen at the forum. But we should. 
IT was at the top of the agenda at Davos; these 
leaders recognize IT’s importance, and they will 
set priorities that will create new opportunities for 
IT. In their minds, there is more to the global IT 
agenda than tapping IT talent outside the U.S., 
running global networks and creating Web sites 
with international appeal. 

The theme of this year’s Davos conference — 
“Sustaining Growth and 
Bridging the Divides: A 
Framework for Our Global 
Future” — sums up the 
emerging agenda. The di- 
vide is the gap between the 
technology haves in the 
developed world and the 
have-nots in the develop- 
ing world. Sustainable 
growth refers both to cre- 
ating conditions that favor 
continued economic 
growth and a healthy envi- 
ronment. 

This is lofty stuff, so let’s 
pause to ask some cynical questions: Isn’t this high- 
minded talk just posturing by rich industrialists 
and politicians? Is it really possible to bridge the di- 
vide or to create an ecologically sustainable econo- 
my? The answers are yes to the first question, no to 
the second. Most of the developing world is eager 
to grow and participate in world markets and fear- 
ful of falling further behind in the realm of technol- 
ogy. In turn, these countries represent too large a 
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potential market for multinational corporations to 
ignore. As Carly Fiorina, chairwoman and CEO of 
Hewlett-Packard, said at Davos about bridging the 
digital divide, “This is about good business as much 
as it is about philanthropy.” 

It isn’t difficult to see what it will take to cross 
the divide: The key ingredients, say experts, are ac- 
cess to technology, education and entrepreneur- 
ship. Government policies can help, but corpora- 
tions can move this agenda along, too. For example, 
one of South Africa’s largest banks, Absa, recently 
announced that it would provide free Internet ac- 
cess to the public, launch a drive to move procure- 
ment online and train its staff to use the Web. Inno- 
vation is another ingredient, according to C.K. Pra- 
halad, a leading management thinker turned Silicon 
Valley entrepreneur. The bottom of the economic 
pyramid, he told a business audience in Mumbai, 
India, last year, represents an immense opportunity 
for companies to rethink products, price strategies 
and distribution channels. His advice: “Find the 
connection between the very poor, sustainable de- 
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Snooping Report Just Part of Considerations 


HAVE JUST BEEN read- 
ing your report “Brit 


Accuses U.S. of 
Snooping” [Page One, 
Jan. 29]. Thank you for 
giving coverage to our 
inquiries. 

However, I think it is 
misleading to imply that 
the submission of a per- 
son who was invited to 
appear before the Tem- 


porary Committee repre- | 


sents the views of the 
committee or the parlia- 
ment. Duncan Campbell 


ropean Parliament” to do 
our investigations for us. 
Campbell, who has spent 
years looking into this 
question and is widely 
recognized for the thor- 
oughness of his work, 
was appearing before the 
committee because it 
wished to hear what he 
had to say as a result of 
his research in this field. 
Many other specialists 
and experts have also ap- 
peared before the com- 
mittee in a series of hear- 
ings since September. 
Between now and the 
adoption of the report in 
committee, scheduled for 
the end of June or early 
July, many more will be 
heard and their contribu- 
tions assessed. 

Only when our report 
is finally approved by the 





European Parliament 
early next September 
will you be able to speak 


| about Europe admitting 
| this or proposing that. 


Moreover, by using se- 


| lected quotations from 


Neil MacCormick’s let- 
ter, you traduce to a cer- 
tain extent the sense of 


| his statement. He did, 
| moreover, indicate to you 


that the committee 
would be willing to hear 


| from current or former 
| intelligence officials or 
was not “hired by the Eu- | 


spokespersons from pri- 
vate companies used in 


| your article, if they con- 


sider that they have 
something to tell us 
about this issue. 

We intend to produce a 
factually accurate and bal- 
anced report that places 
the controversy in its 
proper context. I under- 
stand your interest in this 
matter and welcome com- 
ments on our work, but 
please recognize that this 


a 


| velopment, the Internet and innovation.” 


Innovative thinking is also the key to creating 
businesses that are both profitable and environmen- 
tally sustainable. For example, companies that sell 
products that just wind up in landfills can become 


| service companies that recycle products. For Dow 
| Chemical, it means that instead of selling solvents, 


the company leases “dissolving services,” then 

reuses the solvents, writes Peter Senge in the cur- 

rent issue of the MIT Sloan Management Journal. 
The IT connection to all of this is enormous: It 


| ranges from creating low-cost communications ser- 


vices and computer products to building networks 
and applications that support telemedicine, organi- 
zational and distance learning, environmentally 
sound business practices, and financial services for 
entrepreneurs in poor countries and neighbor- 
hoods. We can offer not just our enthusiasm and in- 
novative thinking, but as fellow Computerworld 


| columnist Frank Hayes noted [Back Page, Jan. 29], 
| we can also offer the hard-won lessons learned 


during the first 50 years of business IT. B 


| is aserious issue for the 


parliament and it does us 


| a disservice if allegations 


are treated as facts before 
they are assessed. 

David Lowe 

Head of secretariat 

Echelon Committee 

European Parliament 
Brussels 


Secure and Securest 


AGREE completely 
[v= Patricia Keefe 

[“Wake Up!” News 
Opinion, Jan. 15], but I 
would add two things: 
1) The most secure com- 
puter is one not connect- 
ed to any network, 
whether the computer is 
a dial-up laptop in a not- 
connected state or a sim- 
ple desktop programmed 
to run the lawn sprin- 
klers of a golf course. (A 
greenkeeper actually 
asked me if a hacker 
would be able to start a 
flood after I configured a 
specialized MS/DOS- 
only system for him.) 
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Who's to Blame? 

HE ARTICLE “Six 

Plaintiffs Join $5 

Billion Discrimina- 
tion Suit Against Micro- 
soft” [Computerworld.- 
com, Jan. 3] irresponsibly 
blames Microsoft for fail- 
ures in our society. Some 
among the six com- 





plainants suing Microsoft 
may have been the vic- 
tims of bigoted supervi- 
sors. If so, the supervisors 
should be fired and the 
former employees should 
be compensated, but not 
to the tune of hundreds of 
millions of dollars. 

Chuck Stein 

Spokane, Wash. 


| 2) The second most se- 
cure computer Is one on 
an isolated network simi- 
lar to those of the big 

| mainframes of yesteryear. 
Billi Becker 
Santa Clara, Calif 


Learning the SAP Way 


HE NAVY would do 
well to examine 
companies that 
| have deployed SAP to 
| handle supply chains 
| (“Navy Embarks on SAP- 

based Supply-Chain Mis- 
sion,” Computerworld.- 
| com, Jan. 10]. Most suc- 
| cesses have come from 
| the company molding its 
| way of doing things to the 
| way SAP does things, not 
| the other way around. 
| Otherwise, the costs go 
| up, the time line extends 
| and often the result is to 
| just stop the project. 
Roger Erickson 
| Independent consultant 
| Westlake, Ohio 
rogererickson@phoenixdsl.com 





COMPUTERWORLD welcomes 
comments from its readers. 
Letters will be edited for brevity 

| and clarity. They should be ad- 

| dressed to Jamie Eckle, letters 
editor, Computerworld, PO Box 
9171, 500 Old Connecticut Path, 
Framingham, Mass. 01701. 

Fax: (508) 879-4843. Internet: 
letters@computerworld.com. 
Include an address and phone 
number for immediate verification. 











DAVID FOOTI 


What’s Your 
‘Emotional 
Intelligence’? 


HE RULES OF WORK are chang- 

ing, and it couldn’t be more obvi- 

ous than in the new yardsticks by 
which modern workers are being judged. 
Sure, we're still being measured by how 
smart we are, or by 
our training and 
expertise. But have you 
noticed that character — 
how we handle ourselves 
and others, and even our 
ethical values — now 
counts more, especially in 
recruitment and promo- 
tion decisions? 

Educational institu- 

tions — even those not 
tied to religious denomi- 
nations — have been pay- 
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ing more attention to 
character. Hiram College, 
a small liberal arts school 
in the Midwest, this year 
established a chairman in ethics after a decade 
of aggressively infusing ethical discussion into 
coursework. Kenneth Alpern, recently appointed 
professor of ethics and the chair’s occupant, 
teaches students that ethical issues aren’t simply 
about right and wrong but also about “making 
tough choices in a brutal world.” 

Among the theories he espouses is the notion 
that the more people can experience things from 
different points of views (such as working in a 
soup kitchen to understand the poor as human be- 
ings), or read the writings of those they disagree 
with to understand the authors’ perspectives, the 
more effective they'll be in their professions. 
Visualize Gordon Gekko sharing tea with Gandhi. 

“Emotional intelligence,” or EQ , is a popular 
construct that’s being employed by companies to 
promote character in the workplace. EQ has two 
components: intrapersonal intelligence and inter- 
personal intelligence. Intrapersonal intelligence 
enables us to make sense of the interrelationships 
between our thoughts, actions and feelings. Inter- 
personal intelligence, on the other hand, enables 
us to tune in to other people, empathize and com- 
municate clearly with them, inspire and motivate 
them and understand relationships. 

Like its counterpart, IQ , EQ can be tested, 
measured and incorporated into the workplace in 
productive ways. A West Coast communications 
company recently used EQ techniques to qualify 
managers to help workers deal with personal 
problems that were hindering team performance. 

Other examples of using emotional intelligence 
include the following: 
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@ Recruitment. EQ measurement is invaluable in 
selecting and recruiting “desirable, high-perfor- 


mance” workers. 
| @ Predicting performance. Some companies are 


blending IQ testing with scientific measurement 
of EQ to predict job performance and direct work- 
ers to jobs where they are most likely to succeed. 
w Negotiation. Whether you’re dealing with a trad- 
ing partner, competitor, customer or colleague, 
being able to empathize and be creative in finding 
win-win solutions will consistently pay off. 
mw Performance management. 360-degree feedback is 
a common tool for assessing EQ. Knowing how 
your self-perception compares with others’ views 
about your performance provides focus for career 
development and positive behavioral changes. 
@ Peer relationships. Good networking skills are a 
staple of job effectiveness for the average IT 
worker. Networking has too often been associated 
with “using” other people, but a heightened EQ 
ensures a mutually beneficial approach to others. 

If teams, departments and individuals at your 
company are too often locked into conflict or, 
worse, acting disaffected, bored and unmotivated, 
exploring EQ may be worth your time. 

Remaining optimistic during tough times — 
be it troubled projects or major economic down- 
turns — is a sign of high emotional intelligence 
and a quality that few organizations can afford to 
be without. D 


THORNTON MAY 
A Solution to 
Stale Thoughts: 
Just Burn ’em 


«<< ARGO” refers to the physical 
(CC sooss loaded into the holds of 


ships, trucks or any other 


freight-bearing vehicle. You can choose 
what’s allowed in the 


cargo hold, and where 
and when it will be 
emptied. 

Unfortunately, the men- 
tal cargo — the mind-sets, 
norms and behaviors — 
that contemporary execu- 
tives bring to their work- 
places doesn’t benefit 
from similar acts of re- 
plenishment. We rarely re- 
fresh our mental cargoes. 
A sizable portion of the 
mental cargo that senior 


THORNTON MAY is a 
corporate futurist and 
chief awareness officer 
at Guardent Inc. in 
Waltham, Mass. Contact 
him at thornton.may@ 
guardent.com. 





executives bring to work 

with them every morning is dysfunctional, having 
gone long past its safe “think-by” date. These 
stale modes of thinking destroy value and get in 
the way of conceptualizing, creating and operat- 
ing the type of enterprise the digital economy re- 
quires. Classic examples of dysfunctional mental 
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| cargo would be the annual IT budget process, 

| performance reviews and audits masquerading 
| as meaningful reviews of digital security and 

| privacy. 

Eighteenth-century poet Edward Young com- 
plained about behavioral plagiarism: “Born Origi- 
nals, how comes it to pass that we die Copies?” I 
fear Young is on to something. In a world most of 
us believe requires creative and innovative think- 
ing, how is it we live in an age of copies? Where 
do these bad workplace behaviors/in-need-of- 
| being-jettisoned mental cargoes come from? The 
answer is they don’t come from anywhere; they 
were there when the current occupants arrived. 
“Copy” executives perpetuate patterns estab- 
lished by long-gone innovators. The least- 
changed/most-loathed functional area is probably 
human resources. Executives today have to live 
the life of originals. We hear a great deal about 
corporations reinventing themselves. Have the 
disciplines that make up corporations done the 
same? Have you? 

Think of corporate America as a kind of Dar- 
winian Galapagos Islands for executive speci- 
ation. Ask yourself: Would a de Tocqueville- 
observant visitor to corporate America report 
that most of the behaviors — such as employees’ 
jobs and how they do them — found in the vari- 
ous disciplines that make up the “new millenni- 
um” corporation have truly changed, and have 
evolved from their aboriginal form? Is the post- 
Internet chief information security officer really 
different from his pre-Web ancestor? 

Last year, I participated in a 16-week research 
program in Silicon Valley co-sponsored by the 


| Ericsson Business Academy and the University of 


California at Berkeley. One of the behavioral 
norms we observed was the “elevator speech,” so 
labeled because of its compressed duration and 
lack of preparation. The classic elevator speech is 
the pitch that a youthful, high-energy possessor of 
the next great idea would deliver in two and a half 
minutes to a venture capitalist with the intention 
of obtaining funding. What if a board of directors 
was to confront its vice presidents and ask them to 
detail how their job responsibilities and their per- 
formance of activities associated with their jobs 
have changed since 1999? Since 1995? 1990? 

What kind of response would the board get? 

And for fairness’ sake, let’s turn this “Have you 
evolved?” question around and point it at the 
board. Does the post-Internet board of directors 
at a Global 2000 company look and act differently 
than its pre-Web cousin? Should it? Part of the 
research done last year focused on how boards of 
directors in Silicon Valley — a.k.a. the dot-coms 
— were different from boards at more traditional 
brick-and-mortar companies. Dot-com boards are 
good at starting fresh, or being “originals,” while 
many executives at traditional companies have to 
take their mental cargo and burn it. 

In 18th-century New England, a town would 
hold a “busk” in which everyone would periodi- 
cally turn out to make a bonfire of everything old, 
outworn and discarded. Boards of directors and 
the management teams they direct might want to 





do the same. So, burn and learn! DB 











It’s no secret. The better informed you are about 
your suppliers, the better your chances of having 
a profitable relationship. Unfortunately, getting 
the whole story, especially when it spans multiple 
locations and contracts,has never been easy. But 
now, SAS, the worldwide leader in data mining 
and e-Intelligence, has joined forces with Dun & 
Bradstreet and B2eMarkets Inc. to bring new insight 
and certainty to supplier relationship management. 
Knowledge that can save you as much as 15% on 
your total supplier costs. Just imagine what that 
could do for your company’s bottom line. For more 
details about this and other solutions from SAS, call 


us at 1-800-727-0025. Or stop by www.sas.com. 
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Don’t miss the industry’s most respected forum on Information Technology 


The New Foundation: : 
Services and Technology for Business 


The year 2000 brought in more than a 
new millennium - it also marked a major 
migration from the old economy to a new 
wired, mobile economy. And, for many, 
the migration wasn't pretty. One only 
needs to look at the stock market, dot- 
coms, and many brick-and-mortars trying 
to build online operations to see the 
tumultuous impact of this market shift. 
IDC has the research and expertise to help 
companies face this challenge. For more 
than 35 years, we've been helping technol- 
ogy executives build on their successes 
through our annual Directions briefing 
sessions. Directions 2001 is a must- 
attend for anyone seeking success in the 
latest evolution of the new economy. 


To register and 
for more information, call: 


1-800-605-5849 
or visit 
www.idc.com/events/dir01/ 
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CHILD PRIVACY 
SAFEGUARDS 


The Federal Trade Com- 
mission recently gave 
unanimous approval to 
self-regulatory guide- 
lines aimed at protect- 
ing children’s privacy on 
the Internet. » 32 


LOSING BATTLES 


Users are often quick to 
point the blame at ven- 
dors if a technology 
project goes awry. But 
Reed Simpson, a vice 
president at Comput- 
er/Legal Consultants, 
says companies that sue 
sometimes lose their 
cases before they even 
get to court. »32 


EVE ON STORAGE 


Storage hardware might 
not sound very exciting, 
writes Peter GW. Keen, 
but it’s rapidly becoming 
the single most impor- 
tant element of e-busi- 
ness innovation. » 33 


SWEET 
SOMETHINGS 


At See’s Candies’ head- 
quarters in San Francis- 
co, the IT department is 
located directly above 
the peanut brittle manu- 
facturing area. So even 
when workers are put- 
ting in long hours to 
support the Valentine’s 
Day rush, the sweet aro- 
ma provides them with a 
little extra push to make 
it through the day. » 33 


MOVING ON UP 


IT workers are notori- 
ous for their willingness 
to pack up and move on 
to anew company to ad- 
vance their careers. But 
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a career like that of 
David Thompson, who 
went from distributor of 
reports to networking 
systems manager at Pier 
1 Imports, shows that 
companies that provide 


opportunities retain mo- | 


tivated workers. » 36 





MONEY TALKS 


How much should you 
pay in bonuses to mem- 
bers of an IT team? Four 
experts on team authori- 
ty and compensation 
share their thoughts. » 40 





OTEP ASIDE FOR 
THE BIG BOYS 


Dot-coms may be going 
belly-up these days, but 
that’s not stopping cor- 
porate giants like Dow 
Corning and Merrill 
Lynch from jumping into 
the e-business fray. Just 
as some New Economy 
players are dropping out 
of the race, several Old 
Economy spin-offs are 
about to hatch. » 42 





FOREIGN 
MATTERS 


U.S. companies are in- 
creasingly setting up 


GLENN YAUCH AND JACKIE WAGNER have 
been helping General Motors employees under- 
stand the risks associated with e-business. 





shop in foreign countries | 


to take advantage of 


available labor. But some | 


markets are clearly bet- 
ter than others. » 44 





COMPLEX 
EXCHANGES 


With the goal of cutting 


costs, time and waste for | 


companies of all sizes, 
online marketplaces are 
turning out to be big 
business in just about 
every industry. » 45 





MORE 
Advice 


GRIP ON E-RISK 


CORPORATIONS ARE AWARE that there are risks in e-busi- 
ness, but gauging them is another matter. Business 
risk managers are only beginning to develop some 
early standards and metrics that will ultimately make 
it easier for business leaders to get their 
arms around e-business risk. As they do, 

insurers will be watching. 
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FTC OKs Self-Regulation to 
Protect Children’s Privacy 


Parental approval vital part of guidelines 


BY JENNIFER DiISABATINO 
HE GOVERNMENT 
recently approved 
the first self-reg- 
ulatory guidelines 
for protecting chil- 
dren’s privacy on the Web. 
The Federal Trade Commis- 


sion (FTC) on Feb. 1 unani- 


| compliance 
| dren’s Online Privacy Protec- | 


mously granted the first “safe 


harbor” guidelines to ensure | 


with the Chil- 


tion Act, which was passed by | 


Congress in 1998. 


The act requires the opera- 
tors of Web sites geared to- 
ward children to post privacy 


policies on their sites, notify 
parents about the information 
they’re gathering and obtain 
parental consent before col- 
lecting 
from children under 13. 


personal information 

The act also provides for the 
establishment of self-regulato- 
ry programs. To set up a safe 
harbor, businesses and trade 
groups must propose guide- 
lines to the FTC. 


If the guidelines are ap- 


proved, they’re considered 
“safe” and in compliance with 
the rule. Web site operators can 
then use them as models for 
their own operations. 


Evolving Proposal 

The guidelines approved by 
the FTC were proposed by the 
Arlington, Va.-based Council 
Better Business Bureau 
Children’s Advertising 
Review Unit, a separate arm 


of 


Inc.’s 


Military Bank Salutes Savings From Customer Query Tool 


Bank of America Corp., the | 


Company marches forward with new 
e-mail routing and management system 


BY MARC L. SONGINI 
A few years ago, Bank of Amer- 
ica’s military subsidiary set out 
to cut costs by answering cus- 
tomer queries via e-mail. The 


problem, however, was finding | 


a system that could handle the 
sensitive customer data 
curely. 


se- 


The bank next month plans | 





launch online 
relationship manage- 
ment (CRM) system with At- 
lanta-based WebTone Tech- 
nologies Inc. after two years in 
development, according to Tom 


to to 
tomer 


an cus- 


Shaw, senior vice president of | 


the San Antonio-based Bank of 
America Military Bank. The 
bank has branches on military 
bases in the U.S. and around 


1 | the world. 


At Your Service 


® Bank customers log on 
to the system via a Web 
browser and fill out preset 
e-mail forms to launch 
their queries. 


® These forms contain the 
customer's ID, check num- 
ber and other pertinent 
information. 


= The system views the 
data and routes the e-mail 
to a customer service repre- 
sentative based on the im- 
portance of the customer 
to the bank and the rela- 
tive importance of the 
query. 


= E-mail queries that don’t 
fit into a pre-existing cate- 
gory are sent to an artificial 
intelligence engine, which 

forwards them to the most 
appropriate representative. 





Now in beta testing, the new 
system — an e-mail routing 
and management tool for cus- 
tomer queries — will reduce 
response times from three or 
four minutes on average to less 


| than a minute, Shaw estimated. 


And with more customers ac- 
cessing the bank via e-mail, the 


system could reap savings of | 


hundreds of thousands of dol- 
lars that are now being spent 


| on incoming global calls to the 
| company’s 


toll-free 
Shaw said. 
Customer service represen- 


number, | 


tatives will now be able to | 


access information gathered 
from other departments. And 
the e-mail channel could allow 


| | representatives to double the | 
|| amount of inquiries they han- 
| dle each day, from about 100 to | 


| about how user com- 


200, Shaw said, depending on | 


| the types of inquiries. 


This summer, the military 


bank plans to launch a secure 
e-mail and electronic-messag- 


ing campaign management sys- 


| tem, said Shaw. 


military bank’s $45 


billion | 


parent company, has undertak- | 


en several e-business-related 
ventures in recent years. The 
Charlotte, N.C.-based bank 
boasts 3 million online cus- 
tomers. 

The move to a Web-based 
CRM system is a must for fi- 
nancial firms like Bank 
America, said Valerie Roy, a 


of | 


senior analyst at TowerGroup, | 


a Needham, Mass.-based con- 
sultancy. More and more 
banks are adopting systems 
like this one, with some level 
automation for handling 
things like e-mail-based cus- 
tomer queries. 

The key, she added, is ensur- 
ing that the different CRM sys- 
tems are all aligned so “the 
customer doesn’t get lost.” D 


of 


Making a Case: Lawsuits 
Make Failed Projects Worse 


Lawsuits often follow failed IT 

projects. But before choosing 
| to sue, plaintiffs tend to call in 
professional expert witnesses 


to paw through the project re- 
mains and figure out 
whether 
good case, according 
to Reed Simpson, vice 
president of Com- 
puter/Legal Consul- 
tants Inc. in Harri- 
son, Idaho. 
Computerworld’s 
Kim S. Nash recently 
talked with Simpson, 
a 35-year IT veteran, 


there’s a 


panies can lose cases before 
they even get to court. 


passed around and whether it 
can be documented. I have to 


| be able to advise [user compa- 


SIMPSON: Blame 
often gets spread 
where it shouldn't. 


Q: What happens when you come | 


in, after either the user or the ven- 
dor decides to sue? 
A: I have to determine if there’s 


| to find out that the people who 


| enough blame that can be | 


nies about] how vulnerable 


they are. 


Q: Vulnerable? How so? 


A: Sometimes, simply | 
company | 
doesn’t keep records | 
of the dispute as it | 
In other | 
as | 


because a 


progresses. 
cases, they are 
much to blame as the 
people they’re blam- 
ing it on. 

When it gets to the 
point where they 
think they will sue, then top 
management is involved and 
has been told certain things. 
And most likely, they don’t 
have direct involvement in the 
project. It’s not unusual for me 





told top management things | 
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of the advertising industry’s 
self-regulatory program. 

The Children’s Advertising 
Review Unit has been around 
for almost 30 years. But the or- 
ganization’s guidelines weren't 
strong enough at first to pro- 
tect children on the Internet, 
said Jason Catlett, president of 
Junkbusters Corp., a Green 
Brook, N.J.-based privacy ad- 
vocacy group. 

“They revised the proposal, 
and then we supported it be- 
cause it seemed to be stronger 
than what the FTC’s rule-mak- 
ing required,” Catlett said. 

The Center for Media Edu- 
cation (CME), a Washington- 
based national watchdog group 
media 
for children, also expressed 
reservations about the original 
Children’s Advertising Review 
Unit proposal to the FTC. But 
according to CME officials, 
the group is satisfied with the 
revisions. 

In 1998, the FTC surveyed 
212 Web sites directed toward 
children and found that 46% of 
them didn’t include any disclo- 
sure of their collection and use 


focused on electronic 


| of personal information, de- 


spite the fact that 89% of the 
sites collected one or more 
types of personal information 


| from children. B 


are trying to hide the facts and 
blame the problems on some- 
one else. 


Q: What's your best advice on how 
users can avoid setting themselves 
up for failure? 
A: No. 1, if you’re going to buy a 
software package, your first 
objective should be [to] find 
one that meets as many of your 
needs as possible — then don’t 
change anything. Given that 
that’s not always practical, if 
possible, you need to change 
your way of doing business to 
match the package. You wouldn’t 
consider buying a new car, then 
two days later changing the en- 
gine or changing the wheels. 
The vendors, because they 
always want to say “No prob- 
lem,” will always agree 
change the package to the per- 
ceived needs of the [user] com- 
pany. The company, because it 
always wants what it’s used to, 
will ask the vendors to make 
changes. Both are at fault. The 
minute you cause a vendor to 
open that package and start 
making changes, you're in 
trouble. D 


to 
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See's: Where the Candy Is | 
Homemade - And So Are the Apps 


Interviewee: Greg Gibbons 
MIS director 

Company: See's Candies Inc., 
a subsidiary of Berkshire Hath- 
away Inc. 

Main locations: South San 
Francisco, Calif., with about half 
of the IT department in Los An- 
geles; company has 216 retail 
stores, mainly on the West 
Coast 


N h, 





of IT employees: 17 
Number of employees 
(end users): “About 
6,000 employees, but a 
lot of those are in manu- 
facturing and the shops 
We support about 280 
PC users and 300 termi- 
nal users.” 

Tenure: “| created 

the IT department here 
in 1994. Before that, | 
was with another 


Berkshire Hathaway What It's Like 
ToWorkat.... 


company that pro- 
vided IT to See's, so 
I've been involved 
with the company since 1985.” 
What kind of pressure does 
Valentine’s Day put on IT in 
a candy company? “That's 
our biggest single revenue day 
of the year. In our retail shops, 
it's standing room only on 
[Feb.] 13 and 14, and there's 
also a peak lasting a few days 
for mail order and Web orders. 
So systems availability and user 
support are huge for us. We 
have a huge, mature mail-order 
system that handles peak vol- 
ume, and we took care of Web 
site scalability before Christ- 
mas, which is a longer sus- 
tained peak.” 

IT initiatives: “We're evaluat- 
ing a point-of-sale [POS] sys- 
tem. Right now, we're using 
electronic cash registers. About 
30% of what we sell is hand- 
packed in the stores, and that 
doesn't lend itself to bar-cod- 
ing, so a POS system is not a 
simple slam dunk for us. It will 
probably have to involve some 
kind of scale that prints out a 
bar-coded label [based on 
weight]. 

“We'll also do some Web 
enhancements and some cus- 
tomer relationship management 
stuff that we'll build ourselves. 
We just went live with a Web 
application that lets online cus- 
tomers build their own box of 
candy. And we're moving over 


ad 


to client/server and rewriting 
our legacy applications as we 
go along.” 

It sounds like you have a 
lot of homegrown systems 
for such a small IT staff. 
“Our history has been to focus 


on homegrown applications, but | 


now we're making a transition 
to a best-of-breed approach. 
We'll continue to build the 
things that differentiate us from 
our competition, like the Web 
site and order entry. But 
we recently brought 
in a packaged radio 
frequency-based 
warehouse manage- 
ment system.” 
Upcoming training: 
“ColdFusion, HTML, 
JavaScript and an ob- 
ject technology we 
use called Omnidex 
from [Dynamic Infor- 
mation Systems 

Corp.].” 

Workday: 8 a.m. to 
4:30 p.m., “but we're flexible.” 
An eight-and-a-half-hour 
day? Really? “We do a fair 
amount of after-hours support 
and some weekend mainte- 
nance, database management 
and new systems rollouts. But 
things don’t go bump in the 
night that often.” 

Dress code: “Casual on Fri- 
days and business dress the 
rest of the time. We're heading 
toward business casual.” 
Kind of offices: “IT is located 
over the manufacturing area, so 
it smells good all the time. They 
make peanut brittle right under 
where we work.” 
Perks: Annual bonus program, 
company picnic in July, IT holi- 
day party in December. “We're 
always going out for lunch to- 
gether... . See's is very family- 
oriented, so | can always make 
it to my kids’ events. It’s also a 
charitable company.” 
Would employees feel com- 
fortable e-mailing the CEO, 
Charles Huggins? “Well, he 
swings by here fairly often to 
say hi to the staff, and he and | 
meet fairly regularly to set priori- 
ties. He’s very hands-on and 
has a keen awareness of how 
we use IT to differentiate our- 
selves. But he doesn’t have 
e-mail.” 
- Leslie Goff 
(Igoff@ix.netcom.com) 
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PETER G.W. KEEN 


The Case for Storage 


TORAGE HARDWARE is about as exciting to most IT and 
business managers as watching pet rocks sunbathe. But it’s 
rapidly becoming the single most important element of 


e-business innovation. 


Just look at your company’s e-business infrastructure. 


There’s only one proprietary component: the 
enterprise customer data. Never put that at risk 
in terms of availability, security, ability to scale 
customer relationship management (CRM) sys- 
tems, speed of access, backup and archiving, or 
server consolidation. 

Almost every other platform component is 
now a commodity; a company can substitute 
one excellent vendor’s products for another’s — 
low-end and midrange servers, PCs and Inter- 
net hosting services, for example. Or a company 
has some wiggle room: It can call in systems in- 
tegrators and C++/Java wizards, or build front- 
end links to legacy systems. This is by no means 
easy, but none of these areas is the “giant bot- 
tleneck” that storage is now. 

Here’s the problem for IT: For decades, stor- 
age has been handled as just an add-on to IT 
strategy and as JBOD — storage professionals’ 
acronym for “just a bunch of 
disks.” One colleague calls this 
the “aspirin” approach. Your doc- 
tor tells you, “You’ve got a fever? 
Take two aspirin and call me in 
the morning.” Whoever handles 
JBOD purchases says, “Your data 
warehouse is exploding again? 
Buy two clusters and call back 
next month.” 

Even the network-attached 
storage vs. storage-area network 
(SAN) debates about how to best 
manage networked storage are 
typically handled in nonbusiness 
terms, centering on such con- 


erating costs. In IT, there’s often 
a wide gap in thought and knowl- 
edge between network and stor- 
age professionals. 
Try asking your best telecom- 
munications experts about Fibre 
Channel or backup and archiving. 
Then talk to the storage people 
about IP-based SANs. In most in- 
stances, you'll see blank stares. 
Look at the network architecture 
plans. See if you can find the storage architec- 
ture plans. Good luck. Then look at your com- 
pany’s many CRM activities and see if there’s 
any discussion of their implications for storage 
beyond JBOD and “aspirin.” Again, good luck. 
IT needs to raise the strategic discussion of 


IT needs to 
raise the 
strategic 

discussion 

of storage. 


cerns as response times and op- - 


storage in the same way and to the same degree 
that telecommunications moved in the 1990s 
from cables and boxes to e-business architec- 
ture and in the same way that databases have 
moved from software to CRM. 

Storage vendors and buyers need to build an 
entirely new dialogue. 

In the JBOD world, vendors are box salespeo- 
ple, and IT organizations are box buyers. Both 
are in a commodity transaction, not partners in 
enterprise storage strategy. The JBOD suppliers 
come in with feature lists, prices and service 
promises. That’s fine for semicommodities such 
as low-end servers, PCs and Internet hosting. 
But it’s inappropriate when the discussion is 
about the architecture for the firm’s customer 
data resources or its e-business strategy and 
platform architecture — and recognizing the 
importance of never putting either at risk. 

As the storage issue rises above 
JBOD, IT must redefine the ven- 
dor dialogue, and vice versa. Will 
EMC’s powerful sales force and 
aggressive selling be the basis for 
your company’s dialogue? Will 
Hitachi Data Systems’ increasing 
dominance in pure technology 
and product leadership translate 
into architecture leadership? Will 
Sun be able to turn its e-business 
server strengths into comparable 
networked storage strengths? Un- 
til a year ago, $3 of sales in servers 
meant $1 of storage sales for Sun. 

Now, it’s the reverse. Dell, 
Compagq, Network Storage Solu- 
tions and Hewlett-Packard (which 
is mostly Hitachi with a different 
logo) all have good boxes. 

Which will be the platform 
partner? For me, that’s the next IT 
e-business agenda. Which would I 
choose? Probably Hitachi, be- 
cause if my firm’s customer data 
is my proprietary business edge, I 
want the best hardware. But don’t 
take my word for it. IT profes- 
sionals must have their own opinions, shaped in 
their companies’ best interests. D 





Keen is chairman of Keen Education and an author 
and consultant. His Web site is www.peterkeen.com 
and he can be reached at peter@peterkeen.com. 





VEN WITH STRONG securi- 





ty, e-business risk is a fact 
of life in today’s intercon- 
scted business world. But 

the fundamental problem 

with managing this nev 

form of business risk, say 
IT managers, is that there are no met- 
rics and no standards to measure the 
level of risk 

Nevertheless, your board of direc 
tors needs to see that those bits and 
bytes they call “just data” are really the 
corporation’s lifeblood. And they must 
get their arms around the ultimate cost 
to the business if that data were lost, 
stolen or altered. 

“We need to make a model whe 

business risk is wrapped in the cost 
of doing business — like automobiles 
[that] transfer regulatory costs to the 
consumers,” says Frank Reeder, who 
chairs both the computer system se- 
curity and privacy advisory board at 
the U.S. Department of Commerce 
and the Center for Internet Security 
in Bethesda, Md. 

But quantifying risk calls for statis- 
tics and benchmarks, things that are 
sorely lacking in this new era of e-busi 
ness, says Paul Raines, head of global 
information risk management at Bar- 
clay’s Capital, the investment division 
of Barclay’s Group PLC in London. 

“Most risk models so far have been 
qualitative: Define your assets by 


these 
quantitative model, you need data to 
determine chance and frequency. The 
problem is, there hasn't been historical 
data to draw from. The equivalent of 
actuarial tables will help.” 

The amount of data gathered con- 
cerning e-business risk is nowhere 
near the amount gathered during 100- 
plus years of the automobile. But busi- 


Raines says. “To develop a 


ness risk managers are currently look- 
ing at e-business risk as another ele- 
ment of business risk. In so doing 
they’re developing some early stan- 
dards and metrics that will ultimately 
make it easier for business leaders and 
IT managers to understand and evalu- 
ate e-business risk. 

For starters, regulators and stan- 
dards bodies are developing best prac- 
tice guidelines for information securi- 
ty, a crucial first step in building a 
framework for metrics. Insurers ar 
selling e-business security and liability 
insurance, so they’re already attachin 
a price to some risks. Private incident- 
response centers are gathering and 
publishing statistical data on the fre- 
quency of certain events that could ex- 
pose risk. And internal auditors are be- 
ginning to define e-business risk for 
their boards of directors. 

Managing risk starts with security 
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Corporations are 
aware of some of the 
risks of e-business. 
But they’re only 
beginning to discover 
ways to measure 
those risks. 

By Deborah Radcliff 


ee, 


GLENN YAUCH and Jackie Wagner 
educated General Motors on the 
company’s level of e-business risk. 


alculat 


standards and best practices, s 

Mark Rasch, vice president of c 

law and global integrity at Predictive 
tems Inc., an e-business services 

company in New York. 

id IT managers shouldn't have any 
trouble finding security standards any- 
more. For example, the Bethesda, Md.- 
based IT education group SANS Insti- 
tute and a new nonprofit standards 
group, e-Security.org, are collecting 
data on best practices and publishir 
growing set of guidelines that identi- 


i 


if 
‘ctigaygy (MN 


fies the following as top-level risk 
areas: connected computers on the 
other side of the Internet (such as 
Web sites and business partners) and 
the integrity of the information on a 
Web site and its impact on corporate 
reputation. 

id last month, the International 

ation for Standa ation ap- 

proved a security standard that grew 
out of one used in Britain. This new 
standard includes a certification pro- 
gram in the areas of policy, asset classi- 
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fication, allocation of security re- 
sources and responsibilities, systems 
and network security, government 
compliance, physical security, employ- 
ee training and awareness and access 
controls. 

Visa International Inc. in Foster City, 
Calif., and American Express Co. in 
New York are also throwing their 
weight into security standards by mak- 
ing them mandatory for their electron- 
ic merchants. Their requirements are a 
little broader, encompassing mostly 
server-side credit card processing and 
storage, access controls and encrypted 
tunnels. Analysts say these efforts will 
go a long way toward setting up future 
risk frameworks in the business-to- 
consumer market. 

“I consider the reach of Visa much 
stronger than any government agency 
or security company, because credit 
companies can say, ‘If you don’t follow 
our security policies, you can’t process 
our cards,’” says Pete Lindstrom, an 
analyst at Boston-based Hurwitz 
Group Inc. 


THE QUEST FOR DATA 


One of the best places to begin look- 
ing for data and metrics is the insur- 
ance industry. A handful of business 
insurers, including The Fidelity and 
Deposit Cos. in Baltimore and 
American International Group Inc. 
(AIG) in New York have already start- 
ed insuring against e-business risk and 
building actuarial tables. 

AIG, for example, offers three areas 
of risk insurance: The first, says under- 
writing director Matthew Berman, is 
media liability (broadcast of informa- 
tion on the Web site), which covers 
$500,000 in losses with premiums 
starting at $3,000. For 1 to 3 cents on 
every dollar of coverage, AIG also cov- 
ers network security insurance against 
hackers, business interruption, theft of 
intellectual property and downstream 
liability. The average coverage is $1 





million. A third pro- 
gram insures profes- 
sional services like 
Internet service 
providers and data 
management centers 
for similar premiums. 

But e-business in- 
surance program man- 
agers at AIG and Fi- 
delity and Deposit say 
they don’t yet have 
metrics for frequency, 
cost and probability 
because they’ve had 
no claims. Nor do they 
have a lot of customer 
data or actuary infor- 
mation. Each of these 
two insurers has fewer 
than 50 e-business risk 
customers. And the actuarial tables for 
those clients are all custom-made. 

“These insurance products are so 
new, the $64,000 question is: Are we 
charging the right premium for the ex- 
posure?” says Dave O’Neill, vice presi- 
dent of e-business solutions at Fidelity 
and Deposit. 

Government, research and private- 
sector incident-reporting centers are 
also filling databases with information 
that’s quickly growing large enough to 


ness risk: 


liability 


= Extortion 


detect trends and probabilities, accord- 


ing to Rasch, whose company manages 
information sharing and analysis cen- 
ters (ISAC) for Japan and the financial 
services industry. ISACs are privately 
owned security incident reporting cen- 
ters spawned by the educational ef- 
forts of the federal Critical Infrastruc- 
ture Assurance Office (CIAO) [Busi- 
ness, Jan. 22]. 

Businesses and educational groups 
are also gathering statistics and 
crunching numbers. The CERT Coor- 
dination Center at Carnegie Mellon 
University in Pittsburgh, for example, 
says 15,167 incidents were reported last 
year, an increase from 9,859 in 1999, 
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HOW INSURERS 
VIEW RISK 


Insurance companies look 
at these factors, among 
others, to assess e-busi- 


= Electronic publishing 


= Property damage 

@ Business interruption 

= Damage to reputation 

= Restoration costs 

= Intellectual property loss 
= Business income loss 


BUSINESS 


And these incident re- 
ports could be mined for 
deeper statistical data. 

But organizations like 
the CIAO aren't waiting 
for hard statistics to catch 
up with perceived risk. 
They’re already taking the 
concept of e-business risk 
to their boards. 

“Historically, corpora- 
tions have developed a set 
of business-risk approach- 
es — insurance, auditing, 
financial controls and oth- 
er risk management tech- 
niques — to protect their 
business assets,” says Jef- 
frey Hunker, outgoing se- 
nior director of critical in- 
frastructure protection ef- 
forts at the National Security Council. 
“It’s a cliché, but the most important 
assets today are all information assets, 
and this information is all on networks. 
Boards of directors for the most part 
don’t understand that that’s the risk to 
business right now,” he says. 

The CIAO’s outreach to the audit 
community has been helpful in driving 
the message of e-business risk up to 
various boards of directors. 

For example, Jackie Wagner, general 
auditor at General Motors Corp., at- 
tended a CIAO meeting last April and 
brought along the chairman of GM’s 
audit committee, Dennis Weather- 
stone, former CEO and chairman of J.P. 
Morgan & Co. When Weatherstone re- 
turned to GM, he brought the auto- 
maker’s CIO into the boardroom to up- 
date the board of directors on system 
security. 

“The audit committee and the board 
asked a lot of questions. All were about 
our level of risk and how we’re ad- 
dressing it,” says Wagner. (Specifically, 
she notes, the board asked how GM 
drives accountability beyond the IT or- 
ganization in managing exposure to 
risk.) Wagner says the board was hap- 
py with GM’s security controls. 

The audit team hired Glenn Yauch, a 
Deloitte & Touche LLP consultant 
then stationed at GM, and placed him 
as director of GM’s e-business. Yauch 
then launched a series of company- 
wide powwows about risk. 

“T pulled together resources from 
GM’s audit services and mixed them 
with technical consultants. We put 
every risk we could think of on a board 
and created buckets of risk,” he says. 

These buckets include: 

= E-business strategy: Alignment 
with existing strategy and marketing 
channels, marketplace and opportunity | 
strengths; stakeholders (suppliers, 
customers, trading partners); and 
sponsorship. 

= Business policy: regulations and 
customer data privacy. 
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# End-to-end process/transaction 
flow. 

# Data management: Integrity, avail- 
ability and confidentiality of data 
stored in databases and in customer 
relationship management systems 

® Infrastructure: servers, firewalls, 
operating systems, routers and appli- 
cations. 

Yauch adds, “Once we put this list 
together, we found this framework was 
flexible enough to address other busi- 
ness units as they rolled out e-business 
initiatives.” 

In due time, all these data collected 
by auditors, insurers and emergency 
notification centers will become the 
foundation of new risk metrics sys- 
tems. And time, say analysts, is the one 
thing that anyone developing risk met- 
rics can count on. 

“Only time and practice will allow 
us to get to a point where we can really 
be finite about whether we’re looking 
at a $10 or a $10 million e-business 
risk,” says Doug Goodall, executive di- 
rector of Red Leaf Secure Systems Inc., 
an IT security incubator and holding 
company in Pittsburgh. “That’s where 
business judgment really needs to be 
applied.” D 


KEEPING THE FAITH 


FIRST UNION CORP., whose core 
business is trust, can’t wait for outside 
interests to determine risk metrics. So 
last year, the Charlotte, N.C.-based 
bank implemented Phase 1 of a risk- 
compliance program by standardizing 
policy and tracking compliance. 

“We wanted to make it measurable 
whether files, systems and risk para- 
meters are appropriate,” says Pat 
Hymes, manager of distributed com- 
puting at First Union's information se- 
curity division. 

Hymes’ team started by assessing 
whether its published operating system 
security policy was being followed using 
commercial and home-written software 
agents that report the state of the oper- 
ating systems. 

The agents reported back that “the 
general state of our operating system- 
level security wasn't very good,” Hymes 
says. “A lot of the system administrators 
didn’t even know security was part of 
their jobs. So we put together a training 
class.” 

This compliance data is now used to 
chart measurements, which are routed 
to department heads and IT leaders 
with bullet points that say, “Here are the 
common risk areas and here are our 
concerns,” he adds. 

Hymes’ next step: Develop similar 
measurements for compliance in net- 
works and applications and among 
employees. 

- Deborah Radcliff 








T’S FAST BECOMING AN AXIOM in the 
computer technology field that getting 
ahead requires getting around. The as- 
sumption is that anyone who wants to 
take charge of his career path, get pro- 
motions, move on to new projects and 
seize new opportunities must do so by 
hopping from company to company. 
Employees who stay with one em- 
ployer, we're told, are stuck working 
where that company wants them — usually stranded 
on the same old project team or trapped on a pre- 
ordained career track. 

But try telling that to David Thompson, who took a 
job at age 19 distributing reports at Pier 1 Imports Inc.’s 
information systems department. Eleven years later, 
he’s a network systems manager at the company. 

Thompson’s path has been a striking combination 
of his own initiative and Pier 1’s willingness to give 
him opportunit nd that, some say, is the formula 
for employee success: empowering employees to 
control their own career growth within the company. 

IT managers say they agree that initiative can be 
encouraged but not created — employees like 
Thompson will take advantage of the opportunities 
you present. And you probably don’t want your less- 
motivated employees moving into positions of h 
responsibility anyway. 

With the motivz workers, IT managers say, you 
don’t really have a choice; they will take charge of 
their careers, with or without you. 

“Systems employees are very sophisticated 
consumers of the employment experience, 

Margaret Schweer, director of human resources for 
information systems at Kraft Foods International Inc. 
in Northfield, Ill. “The harder you try to contain 
people, the more likely you are to lose them.” 


Opening Opportunities 

Thompson began expressing an in st in moving 
up while he was a report runner, teaching himself 
about PCs and writing programs on the side. When 
an opening appeared in PC support, his manager 
recommended him for the spot and he got it. 

A year and a half later, he applied for and got an 
internal position as liaison between end users and 
programmers. As Pier 1 rolled out its first LAN, 
Thompson strove to expand his duties further into 
that area so he could learn more about network 
implementation. Five years later, he got a chance to 
jump the fence into systems administration — a role 
he had long had his eye on — when he heard of an 
opening there. Eventually, when a managerial 
position opened up last fall, Thompson's boss 
remembered his expressed interest in managing 
and gave him the slot. 

Fort Worth, Texas-based Pier 1 has just 129 IT 
workers, so internal job openings are rather finite, 
and Thompson has at times been forced to wait for 
his chances. But he ; he knew they would be 
there. “I was not stifled in any way when I ap- 
proached management about opportunities,” he says. 

Because of the limited size of the departments, 
efforts in establishing formal career tracks haven't 
proved viable at Pier 1, says Ginny Carroll, director 
of technology for information services. 

But informal approaches work well. When a pro- 
grammer asked Carroll about joining the electronic 
data interchange team, she sent him to talk with the 
relevant manager “to make sure that he knows that 
you're waiting for a chance,” Carroll says. “So even if 
opportunities aren’t there right now, people feel like 
they’re being listened to.” 
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In some ways, it may be easier to advance at a 


| smaller organization. As Carroll points out, “In a 


group of 129, it’s pretty obvious where the oppor- 
tunities are.” 
At 85,000-employee Cargill Inc. in Wayzata, Minn., 


| it’s a bit more difficult. “It’s just a huge organization 
| and is all over the place physically,” says Lloyd Tay- 


lor, corporate vice president of IT at the agricultural, 
financial and industrial products conglomerate. “We 


| have job postings like everybody else, but for [em- 
| ployees] to find out what's happening is difficult.” 


Of course, big companies such as Cargill have the 
advantage of offering career paths in any number of 


| directions. It has long been standard thinking that IT 
| workers need career ladder options other than man- 
| agerial ones. And of course, to be effective, the pure- 
| ly technical paths must offer every financial and pro- 


fessional reward of the managerial track. 

Steve Finnerty, CIO and senior vice president of 
information services at Kraft, offers the traditional 
managerial track. But he also allows IT workers to 
move into the business units. In fact, a current leader 


| of Kraft’s financial systems started in the IT group, 
| went into the finance unit to support its applications 
| and returned to work up to his current position. 


“I encourage people to get broad experience and 


| assignments that are just a bit over your head,” 


Finnerty says. 
Schweer speaks of it less as a career track and 
more as “stringing together meaningful employment 


| experiences.” 


And sometimes, when you let an employee choose 
his path, he makes the wrong choice. “The biggest 


| problem we've had is people we’ve moved into man- 
| agement who have decided they didn’t like it,” says 


Carroll. Her response is to change their titles back, 


| but keep them at the higher pay scale. 


It’s not just managerial moves that fail to work out. 
Carroll recently sent a member of her call center 


| staff with a Cobol background to a client/server 
training class. “We found out that he really didn’t 


have the ability to do the data modeling and other 


| conceptual tasks,” she says. The difficulty is in letting 
| people try and fail without sending the message to 
others that they’ll be punished for giving it a shot, 


Carroll says. 


Empowering, Supporting Employees 
Increasingly, companies such as Kraft push the 
power directly to their employees’ fingertips through 


| the company intranet. Internal job listings, training 
| courses and job skill assessments are all there. It’s a 


regular company-run career counseling center, right 
on the desktop. 

Just a couple of years ago, Kraft changed the way it 
posted job openings on its intranet. Instead of focus 
ing on the skills or experience required for a job, the 
listings now describe the development opportunity 
the position offers. In other words, rather than asking 
“Are you right for this job?” the listings ask “Is this 
job right for you?” 

Likewise, Kraft’s employees are encouraged to 
view training choices as part of a continuum that fits 
into where they’re going next in their employment 
journey. Employees say they love the chance to 
choose their own classes rather than just attend the 
ones the company deems necessary. 

Pier 1 goes a step further, making sure that employ- 
ees who receive training get some small projects on 
which to use their new skills, even if the projects 
aren’t a normal part of their jobs. The company’s 
intranet debuted a new feature at the start of this 
year that shows every current project, with time 
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| lines, documentation and even requests for propos- 


als. Everyone in IT can see what’s happening and 
what will be happening and consider whether it’s 
something they'd like to be a part of. 

The common sticking point about empowering 
employees arises at the pivot point of an employee’s 
manager. Encouraging the worker’s eye to wander to 
new projects inevitably rankles managers who would 
like to keep their teams intact. 

Finnerty says managers should be made to see that 
everybody gains from mobility. “If everybody is play- 
ing ball, then people are moving across functional ar- 


| eas, so if I’m losing a great person, I’m getting a great 


person,” he says. 
That sounds nice in the abstract but will hardly 


| mollify the middle manager facing a gaping hole 


where a former go-getter has come and gone. 

It’s easier when the manager has forged a similar 
path within the company, says Carroll. Three quar- 
ters of the 24 managers in Pier l’s IT department 
came from within the company’s technical ranks, she 
says, and that makes them more accepting when a 
worker comes to them with a transfer request form. 

“I’ve gotten wonderful feedback from managers 
saying, ‘I'd hate to lose this person, but if it’s for the 


| best for Pier 1, I’ll support it and be a reference, ” 


Carroll says. 
“It’s the employee’s opportunity to make develop- 
ment happen,” Schweer adds. “It’s the manager’s re- 


| sponsibility to facilitate that development.’ 


Kraft puts its IT managers through leadership de- 
velopment training to make sure they have that atti- 
tude toward the employees working under them. 

Schweer has a simple message for those IT man- 


| agers. “Employees are gifts that you don’t get to 
| keep,” she says. “You're always developing them for 


their next stage.” D 





| Bernstein is a freelance writer in Watertown, Mass. 
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Spotlight on TIBCO for Scalable e-Business Integration 


TIBCO Software Inc. offers a full line of solu- 
tions for enterprise application integration (EAI), 
business-to-business integration (B2Bi) and por- 
tal infrastructure. TIBCO’s modular e-business 
architecture allows customers to purchase soft- 
ware on an as needed basis, though most pur- 
chase the entire suite at once. Advanced XMI 
technology from the company’s recent acquisition 
of Extensibility will be distributed across product 
lines. TIBCO’s e-business solutions are used in a 


variety of vertical industries 


Product Descriptions 
TIBCO 


ActiveEnterprise, TIBCO ActivePortal and 


TIBCO’s product lines 
TIBCO ActiveExchanges integrates internal 
systems and processes, extends business process- 
es and content through the Web and wireless por- 


tals and connects to businesses through B2Bi 


TrIBCO ActiveEnterprise enables businesses to 

integrate their internal systems and processes 
ActiveEnterprise includes the following 

¢ TIB/Rendezvous messaging software provides 
synchronous, asynchronous and transactional 
messaging 
T1B/Message Broker provides rules-based trans- 
formation, adapters for connecting leading 
applications, databases and network technolo- 
gies to the enterprise infrastructure 
T1B/Adapters provide off the shelf connectivity 
to TIBCO’s infrastructure for a number of appli- 
cations, databases and platforms. 
TIB/Integration Manager provides process 
automation and TIB/InConcert provides work- 
flow management. Together they streamline 
processes by managing the execution of 
sequences of electronic tasks and by managing 


the workflow of people’s tasks 


CUSTOMER 


¢ TIB/Hawk provides remote system monitoring 
and management of hardware and software 


assets across LANs and WANs 


rIBCO ActivePortal extends systems and 
processes to customers, partners and employees 
through Web and wireless portals. TIBCO 
ActivePortal includes the following 

¢ TIB/PortalBuilder provides a development and 
run-time environment for creating portals 
Through content and application integration, it 
provides secure, aggregated and personalized 
access to mission-critical data from real-time 
external and enterprise sources 

¢ TIB/AlertServer sends real-time alerts based on 
pre defined events to wired and wireless devices 

* TIB/PortalPacks provide aggregation and distri- 
bution of content such as news and financial 
information, from sources including Reuters, 
S&P Comstock, BusinessWire and PR 
Newswire. They distribute information in real 
time as HTML, XML or other customizable for- 
mats. These can be standalone, as part of a 
T1B/PortalBuilder and/or TIB/AlertServer 
deployment or in customized environments such 
as voice and wireless 

* TIBCO.net is an outsourcing service for hosting 
TIBCO ActivePortal installations in a quick, 


reliable and scalable manner 


TIBCO ActiveExchange enables B2Bi and cre- 
ates marketplaces and exchanges. Businesses can 
connect and collaborate with trading partners and 
suppliers of all sizes. ActiveExchange includes: 

* TIB/BusinessConnect for automating interac- 
tions between the business system of compa- 
nies. It provides full-partner management and 
can utilize an LDAP directory or database. 


¢ TIB/BusinessPartner is distributed to medium 


the insider's guide to e-business integration 
www.ebizaQa.net 


TIBCO Software Inc. 
at a glance 


Products: ActiveEnterprise, ActivePortal, 
ActiveExchange 
Product types: Messaging, EAI, B2B 
Integration, Process Integration Portal 
Infrastructure 
Address: 3165 Porter Drive 
Palo Alto, Calif. 94304 
Phone: (650)-846-1000 
Web Site: www.TIBCO.com 


Founded: 1997 

Ownership: NASDAQ:TIBX 

Company Revenue: FY 99: $96.4M; 

FY 2000: $252M 

Total Employees: 1053 

Total Employees in Service/Support: 288 
Total Employees in R&D: 260 

Number of installations: 1,000 


sized partners and suppliers that do not have 
B2B servers to enable them to exchange docu- 
ments with the TIBCO B2B server. 

* TIB/BusinessExpress is a browser based appli- 
cation allowing small companies to participate 
in electronic document exchange over the Web. 

ActiveExchange provides B2B security including 

encryption and authentication. It supports leading 

standards and data formats including RosettaNet, 

XML, cXML, BizTalk, ebXML, EDI and VAN so 

businesses can interact with their partners across 

industries regardless of the B2B server their part- 


ners have deployed. 





This piece was written by Beth Gold-Bernstein, vice 
president strategic services at EbizQ. 


FEEDBACK 


Customers unanimously praise ActiveEnterprise for its scalability and the easy extensibility of applications created with the product. They characterize it as “indus- 


trial-strength software that scales easily to handle tens of millions of hits.” Customers also appreciate its event-triggered process automation and the ease with 


which it can incorporate new processes and data sources. They also like its range, which enables them to leverage integration from the enterprise to the portal 


TIBCO has a proven track record for providing fast and secure messaging and real-time data delivery to very large organizations. The company’s software 


underlies some of the largest news feeds in the world to broadcast stock quotes, financial news, sport events and weather alerts. 
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Payin 
on Right 


Project teams in IT have been 
around for years and are seen by 
managers as a critical way to develop 
applications for internal users or even 
to build new products for sale to the 
public. 

Despite the widespread use of IT 
project teams, managers take different 
approaches to evaluating and motivat- 
ing individual team members, espe- 
cially when it comes to performance 
bonuses. Four experts in team evalua- 
tion and compensation gave Computer- 
world their opinions on how managers 
should reward IT team members. 





REWARD HANDSOMELY 


David Foote 

Managing partner, Foote Partners LLC 
New Canaan, Conn. 

Also a Computerworld columnist 


Individual 
team members 
should be given 
annual perfor- 
mance awards by 

, their regular 
4 managers and 
also receive 

healthy bonuses for their team’s per- 
formance on a given task, Foote says. 

For example, a worker named Jane 
might be eligible for her annual perfor- 
mance review, with a possible raise of 
5% to 15%. If Jane is also on a team 
with a two-year project, the managers 
involved might agree up front to give 
her and each of the other team mem- 
bers 20% of each of their base salaries 
as a bonus at the end of the first year. 
At the end of the second year, they'd 
receive another 30% of their base, 
assuming project goals are met. 

While that amount of bonus may 
sound extraordinarily high, it could 
be justified if the project dramatically 
affects the company’s performance, or 


BUSINESS 





if the project team is building a prod- 
uct that launches the company into a 
new and important business. 

Foote says he believes that mile- 
stones in the project should be set per- 
haps as often as every three months, 
and “if you miss a milestone, you don’t 
get a portion of your bonus.” 

Foote says four phases — the work, 
design, building and implementation 
phases — need to be defined as points 
at which bonuses could be paid. 

Part of the rationale for large bonus- 
es is to keep key team members from 
leaving midway through a project, 
especially in such a fluid IT job mar- 
ket, Foote says. If a bonus isn’t fair, 
team members will say so up front. 





BIG BUCKS FOR 

BIG PROJECTS 

Robert Zawacki 

Professor emeritus, University of Colorado 
Boulder, Colo. 


Big bonuses should be reserved for 
the biggest projects, which will some- 
times have a major revenue or cost- 
savings impact on a corporation, 
Zawacki says. 

For example, if a senior systems 
analyst who’s making $80,000 per year 
got a 20% bonus, it would be $16,000. 

“That bonus might work if the 
reward is not held off too long, or it 
might lose its effectiveness,” he says. 

But Zawacki says he’s concerned 
about how large project bonuses might 
sit with CEOs who don’t want to get 
locked into major financial incentives. 

“Setting proj- 
ect bonuses is an 
area where IT 
managers have to 
wing it with 
CEOs,” Zawacki 
says. In a com- 
petitive world 


where IT workers are 
willing to leave to take new jobs, man- 
agers may need to convince CEOs that 
a project bonus might be one way to 
keep top workers. 

Zawacki says team members need to 
be evaluated by managers outside of 
teams as well as those on the project. 
But could that result in a team that 
protects a nonperforming member? 

That isn’t likely, Zawacki says. “Every- 
body knows when a worker on a team 
is a poor performer,” he says, using as 
an example a team he worked with at 
the former Digital Equipment Corp. 

One worker said he was being 
picked on by his team members. The 
supervisor learned the worker wasn’t 
sharing the workload, including carry- 
ing a beeper on the weekends. The 
worker was told to start carrying the 
beeper; when he didn’t, he was fired. 

“Don't apologize for high standards,” 


| even when subordinates are working 


on teams, Zawacki urges managers. 


GIVING THE STAR TREATMENT 


Allen Ditchfield 

Systems consultant 

Former ClO, The Progressive Corp. 
Former vice president of IT, MCI Corp. 


Bonuses for team 
members need to 
be variable to 
reward the top 
performers, those 
whom Ditchfield 
calls the “10X” 
performers who 
bring 10 times the creativity and qual- 
ity to the work. 

“Usually, you have to take care of the 
10X guy,” Ditchfield says. “With proj- 
ect stuff, it’s not a communistic 
process where everybody is trying to 


| get the same shoes.” 


Still, 10% of a person’s base pay for a 
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When it’s time to hand out bonuses to IT team 
members, how do you know how much to give? 
We asked four authorities how a manager can 
decide how much to reward. By Matt Hamblen 


| bonus might be enough. “I'd say that 


20% to 40% of base pay sounds high,” 
he says. But Ditchfield adds that he 
believes in psychic gratification as 
much as bonuses as a motivation for 


| being on a team. “Team projects can be 


a status symbol,” he says. “Everybody 
wants to be on the hot one, although, 
sure, you do have some who come to 
work and can’t be motivated on a team. 
Still, there are people who gravitate 
toward the high-risk area.” 

Ditchfield says he also believes that 
managers outside of teams need to be 
in regular contact with their direct 
reports, even if they're on team duty. 
“If you are walking around and are in- 
volved, you'll pick up signals,” he says. 





| AVOIDING THE GREED FACTOR 


| Mark Endry 
| ClO at J.D. Edwards & Co. 


Enterprise software maker in Denver 


Managers could 
put too much 
emphasis on 
team bonuses, 
Endry says, 
which can lead to 
jealousy among 
team members. 
For example, if a global project in- 
volves 20 people worldwide but only 
eight people on the core team get 
milestone-based project bonuses, 
“people on the global team will start 
to talk,” he says. 
Noncash rewards could help with 
such disparities, Endry says. Such 


| perks could include inviting top man- 
| agement to dinner with team members 


to help remind them how important 
the project is to the overall business. 
Noncash incentives that work are 
more team-oriented, and “the quiet 
reward won't work as well as the 


| visible ones that involve the team,” 


Endry adds. 

Such noncash rewards depend on 
the scope of a project and “can start 
with cake and cookies and certificates 
of recognition or sometimes sending 
the team to a baseball game, either 
with the family or alone,” he says. 

“One year we provided key 
members of a project an overnight 
in the mountains and a dinner with 
management” that reinforced how 
vital the project was to the company,” 
Endry adds. D 
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For years, they 
were dismissed 
as too slow for 
the New Econo- 
my. But now, 
corporate giants 
are picking up 
the pace as lean 
start-ups begin to | 
wear themselves 
out. By Melissa 
Solomon 
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OR THE PAST FEW YEARS, tra- 
ditional industry leaders have 
been trashed by little start-ups 
headed by lightning-quick 
wunderkinds. Corporations 
saddled down with bureaucracy can’t 
keep pace with today’s market, the free- 
wheeling New Economy players snick- 
ered as their market valuations soared. 

But as those corporate giants waited 
for the go-ahead from their boards be- 
fore stepping into the new age of busi- 
ness, the market became dramatically 
more profit-focused, and many of those 
whiz kids were handed their pink slips. 
Now, as the e-business upstarts burn 
themselves out, the dinosaurs of indus- 
try are making their moves. And from 
watching the mistakes of their younger 
counterparts, they learned that what 
they already knew still applies: Slow 
and steady wins the race. 

“We went through a learning experi- 
ence last year, as did everyone,” says 
Snehal Desai, director of e-business at 
Midland, Mich.-based The Dow Chem- 
ical Co. “People are back to thinking 
about these as longer-term hard work 
and not just fast return.” 

Call it the second coming of the In- 
ternet explosion. Or better yet, the re- 
venge of the big boys. 

Despite the declining market for 
technology start-ups, large corpora- 
tions such as Dow, J.P. Morgan Chase 
& Co. and Merrill Lynch & Co. are 
jumping into the e-commerce fray by 
incubating companies from within. For 
many of them, it’s a way to spark inno- 
vation from inside their walls, as well 
as gain a new means of income. 

But e-commerce initiatives also 
bring with them new challenges for 
Old Economy players, such as fairly 
compensating and motivating employ- 
ees of spin-off companies and keeping 


| pace in the Internet economy. 


“T think the corporations have now 


| become engaged,” says Desai. “I’m 


kind of bullish going forward.” 


Inventing Ideas 

Eileen Marckioni, fund manager at 
New York-based Merrill Lynch's Inter- 
nal Venture Capital Fund, which was 
created in December to fund e-com- 
merce start-ups based on ideas from 


| employees, is just as enthusiastic. Mer- 


rill Lynch, she points out, has a $2 bil- 
lion annual IT budget, $1.5 trillion in 
client assets and millions of house- 
holds for market research. 

“We have a lot of muscle we can put 
behind new companies,” Marckioni 
says. “And a huge advantage is you al- 
ready have this first large corporate 
client that can give the new company a 
huge jump.” 

For the most part, corporations don’t 
seem to be focusing much on the burn- 
out rate among technology start-ups, 
because their own ventures aren't pri- 
marily profit-focused. 





For instance, Dow created its start- 
up, iVenturi, to fill a need within the 
company. The firm couldn’t find a suit- 
able hosting system to manage the 
workflow of its new business develop- 
ment projects, so it teamed with Camp- 
six in San Francisco and Andersen 
Consulting (since renamed Accenture) 
in Chicago to create a company, with 
Dow as its first customer. 

“We weren't in it for the quick IPO,” 
says Desai. “We were in it for building 
sustainable businesses. And there’s 
still a market for good business.” 

The “minor meltdown” in the Nas- 


EMBRYONIC 
JOURNEY 


After watching the souring start-up mar- 
ket, Snehal Desai, e-business director at 
Dow Chemical, offers the following bits of 
wisdom 


» Stay focused on products and ser- 
vices that customers (even corporate 
sponsors) will pay for, as opposed 
to what they find interesting. 


> Pulling together partnerships is an art, 
but it’s worth it. 

» Build a knowledgeable and passionate 
management team. 


» Senior management must get every- 
one working toward a common vision. 


» The governance process can slow 
things down, but try to maintain mo- 
mentum. 
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dag Stock Market “has put some pres- 
sure to get some funding from the out- 
side” for new e-business ventures, he 
says. Dow also recognizes that there 
are no guarantees that iVenturi will 
succeed. So far, says Desai, it’s on tar- 
get with all of its productivity goals, 
having shipped its first product last 
month and compiled an impressive list 


| of beta customers. But, he adds, “start- 


ups are struggling everywhere, and 
this one is no exception.” 

Desai declined to disclose iVenturi’s 
profitability targets, but he did say that 
Dow is taking a macro view. Rather 
than just focusing on financial state- 
ments, Dow plans to look within its 
business units to determine how much 
money is being saved by using iVenturi. 

In a worst-case scenario, Dow could 


| always spin iVenturi back into the cor- 


poration, says Desai. But that’s not 
even in the cards at this point, he adds, 


| “because we’re not an IT company at 


the end of the day.” 


Gold Rush or Fool's Gold? 

Dinah Adkins, president of the Na- 
tional Business Incubation Association 
in Athens, Ohio, says the time is ripe 
for that kind of balanced view. 

“It was very unrealistic,” she says of 
the early “gold rush” days of the Inter- 
net. “Now it’s unrealistic the other way. 
The truth lies somewhere in between.” 

Still, there’s no guarantee that corpo- 
rate ventures won't follow the lead of 
their failed independent peers. 

“You can see more failures than suc- 
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cesses,” says Josh Lerner, professor of 
business administration at Harvard 
Business School in Cambridge, Mass. 
For instance, Lerner put together a 
case study four years ago on what was 
then considered one of the most suc- 
cessful corporate incubators, Xerox 
Technology Ventures, the venture cap- 
ital arm of Stamford, Conn.-based 
Xerox Corp. It had a 70% rate of return 
over an eight-year period, he says. 

But just after Lerner finished the 
case study, Xerox abolished the pro- 
gram because it found itself competing 
with the very companies it had creat- 
ed. When Xerox first spun out those 
ventures, they focused on areas that 
the parent company didn’t consider 
strategic to its core business. But once 
commercial use of the Internet took 
off, Xerox moved into those areas and 
wound up going head-to-head with its 
start-ups, Lerner explains. 

“Tt’s almost inherent that there [are] 
going to be conflicts between the cor- 
poration and the spin-off,” he says. 

To succeed, Adkins says, cor- 
porations need to hire people 
who understand how to 
start and manage new 
companies. And they 
can’t create unrealis- 
tic burdens in terms 
of bureaucracy, 


she adds. 





__ E-BUSINES 


If you don’t learn to embrace new 
ideas, Adkins says, “you're dead meat.” 

Merrill Lynch’s Innovation Council, 
a group of senior executives charged 
with keeping fresh ideas flowing with- 
in the investment bank, heeded that 
warning when it came up with the idea 
of the Internal Venture Capital Fund. 

For proprietary reasons, Marckioni 
declined to identify the nature of the 
e-businesses that are being consid- 
ered. But she did say that the group 
seeks ideas that are strategic to the 
company and fall within one of the 
following four categories: knowledge 
management, mobile technologies, 
online finance infrastructure and 
communications. 

After just a few months, roughly 100 
formal proposals have been submitted 
from employees around the world and 
have been winnowed down to a top- 
five list. Merrill Lynch plans to fund 





three or four companies in the next six 
to nine months, says Marckioni. 

Such activity still shocks Dow’s De- 
sai after more than a year. “It’s just an 
amazing thing,” he says. “Our group, 
the new e-business group at Dow, just 
came into existence in December "99. 
And it’s been a ride. 

“We're trying to inject this start-up 
mentality into the corporation,” he 
adds. “And people are more receptive 
to that idea today than they were three 
to five years ago.” 

The idea seems to be catching on 
throughout corporate America. Last 
spring, New York-based J.P. Morgan 
earmarked $1 billion for LabMorgan, a 
separate e-business unit designed to 
support ideas for online finance start- 

ups conceived by en- 
trepreneurs 
inside 





43 


and outside the firm. And late last year, 
Pittsburgh-based Mellon Bank Corp 
created MellonLab, centered around 
the same principle. 

“It’s a group of individuals who take 
embryonic ideas and incubate them,” 
says Mellon CIO Allan P. Woods 
Those people place very strict bench- 
marks on an idea, and “[it] either pass- 
es these various benchmarks .. . 
taken out to the back of the barn and 
it’s shot,” he says. 


or it’s 


Risks and Rewards 

Bank of America Corp. is in the 
midst of launching a start-up focusing 
on business-to-employee services. But 
the core e-commerce strategy of the 
Charlotte, N.C., firm is to partner with 
New Economy players that can offer 
value to the company’s products and 
services, says Linda Mueller, a spokes- 
woman for the bank. 

That's a wise strategy, says Benjamin 
Gomes-Casseres, director of the MBA 
program at the Graduate School of In- 

ternational Economics and Fi- 
nance at Waltham, Mass.- 
based Brandeis Univer- 
sity and author of 
The Alliance Revolu- 
tion: The New Shape 
of Business Rivalry 
(Harvard University 
Press, 1997). Old 
Economy players 
still face enormous 
pressure to transform 
themselves, and New 
Economy companies have 
learned over the past year 
that they may not be able to 
survive without the re- 
sources and stability of the 
Old Economy stalwarts. 
Incubating ideas from with- 
in is also a good way for corp- 
orations “to create an environment 
of experimentation,” says Gomes- 
Casseres. But, he cautions, it isn’t a 
profit-making strategy. “Don’t do it 
for the money,” he warns. 

E-business career opportunities are 
options that many corporations can 
now add to their retention strategies. 

At Merrill Lynch, employees can re- 
ceive a reward of $20,000 or more for 
ideas that get funded, and they’re giv- 
en a 26-week paid leave to help grow 
the new company. At the end of that 
period, they have the option of stay- 
ing with Merrill Lynch or joining the 
start-up. 

“So we've really reduced the risk,” 
says Marckioni. 

But, says Desai, if employees choose 
to go, the risks are still there. No prom- 
ises are made that they'll have jobs if 
the ventures fail. 

“We're not sure that that puts the ap- 
propriate fire in the belly if they can 
always go back to their day job,” says 
Desai. D 


& 
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A growing num- 
ber of U.S. firms 
are turning to 
foreign labor 
markets to help 
solve staffing 
shortages. 
Here’s a look at 
some benefits 
and drawbacks 
to recruiting 
overseas. 

By Kym Gilhooly 





BUSINESS: 


TAPPING 
FOREIGN 
SHORES - 


| 
—A, | 


setting, which the firm hoped 
would appeal to workers. 

“Our strategy was to find a 
location in Ireland that had 
the infrastructure and the 
proximity to local institutes 
that would provide a steady 
graduates,” says 
Paul Carmody, managing di- 
rector of Prumerica, which 
was launched last summer to 
support Prudential’s Individ- 
ual Financial Services sector. 
“There has been a steady flow 
of graduates out of County 
Donegal looking for work, and 
we thought that they would 

like the opportunity to 
Fp return there.” 

U.S. companies like 
Prudential have long 
been exploring foreign 
markets to bolster their tech- 
nology operations, but such 
activity has hit a fever pitch in 
recent years, as IT staff short- 

ages have taken their toll. 


The Search Is On 


India, Ireland and 


stream of 


Israel 


| have received much attention 


as target markets for offshore 
facilities and IT outsourcing. 
But Mexico, Belize, the Philip- 


| pines and, more recently, Ro- 


mania and Russia are also at- 


| tracting projects as IT talent 


searches intensify. In looking 


| to foreign countries for IT 


>| hurdles, 


help, companies face cultural 
employment regula- 


| tory issues and project man- 


HEN The 
Prudential 
Insurance | 
Company 
of America 
decided to open a software | 
development facility to reduce | 
its dependence on service | 
providers, the company set its | 
sights on the Emerald Isle. | 

Like many large companies, 
Newark, N.J.-based Prudential | 
identified Ireland, with its 
sophisticated telecommunica- | 
tions infrastructure, healthy | 
business climate and educated | 
technology workers, as a fertile 
landscape for conducting the 
business of IT. 

Last summer, Prudential | 
opened the Prumerica Systems | 
Ireland Ltd. facility in Let- 
terkenny in County Donegal, | 
a location that was advanta- | 
geous to the company because 
of its proximity to local tech- 
nology institutes and its rural 


agement headaches, com- 
pounded by distance and lan- 
guage barriers. 

However, such 
by-products of doing business 
in a global economy and can be 
overcome with a little work 
and sensitivity, says M. Raja- 
gopal, managing consultant at 
Daedalus Inc., an IT services 
and recruitment firm in Banga- 
lore, India. “Cultural issues are 
inevitable across any two cul- 
tures, but they’re not insur- 
mountable,” he says. 

“Indian relationships tend to 
be closer even on the job, and 
the separation between profes- 
sional and personal is not as de- 
marcated as in the West,” says 
Rajagopal. Another considera- 
tion, he says, is that Indian IT 
professionals tend to have 
much more generalized train- 
ing and experience than their 
counterparts in the U.S., where 
specialization is emphasized. 

For Detroit-based General 
Motors Corp., which has sales 
and manufacturing facilities in 


issues are 


| Africa, the Asia-Pacific region, 


| company’s goal of hiring 150 IT 


| Orthodox Christmas, St. Steph- 





Europe and Latin America, the ; 
recruiting strategy is to hire | 
local nationals rather than 
bring in American workers. 
This approach has been a key 
factor in the success of IT oper- 
ations in GM’s facility in Rues- 
selsheim, Germany. 

“In Germany, GM had prob- 
lems when we sent Americans; 
they weren’t really well-accept- 
ed,” says Jackie Wolf, GM’s 
global human resources direc- 
tor for information systems 
and services. “Germans have a 
real pride in workmanship and 
in their culture. Americans 
may come off with different 
levels of arrogance, and, frankly, 
we get labeled.” 

Wolf says personalization is 
essential to attracting good IT | 
candidates because they have 
so many options. During a re- 
cent five-month search for a 
director to head the IT opera- | 
tions in GM’s Japan offices, for 
example, Wolf and her team 
decided to go after a candidate | 
working for a competitor. To 


| win him, they had to deal deli- | 


cately with the issue of loyalty. 
“The personalization of pro- | 
cess was critical, as it is in | 
every instance,” Wolf says. “In | 
getting foreign candidates in- | 
terested, we have to prove why | 
they’d want to work for an | 
American company. It comes | 
down to the personal phone | 
calls, culture-specific gifts and | 
follow-up letters. We have to | 
show them that they’re ex- | 
tremely important to us.” | 
It’s often the little things that 
can make the difference when | 


hiring IT workers in foreign | 


| countries, Carmody says. He 
| and his team make a point of | 
celebrating the diversity of the 
| Prumerica workforce because 


he has been pulling from sev- 
eral countries to reach the 


professionals by midyear. 
“I had hired people with dif- | 
ferent religious practices and | 


| customs than are the norm in | 
| Letterkenny, so we posted a 
| placard in the lobby that de- | 


scribes Christmas, Hanukkah, 
Kwanzaa, Ramadan, Russian 


en’s Day, Boxing Day and sev- 
eral other observances,” says 
Carmody. “Many of the staff 
took the time to read it com- 
pletely. It’s been a subtle but 
effective tool for promoting 
diversity awareness.” D 





Gilhooly is a freelance writer 
in Falmouth, Maine. 
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LANDS OF 
OPPORTUNITY 


What makes a country a good 
offshore candidate? According 
to IDC analyst Cynthia Doyle, a 
country ideally needs to meet 
four main requirements: 


= IT talent 

® English fluency 

= Solid telecommuni- 

cations infrastructure 
= Business experience 
with U.S. companies 


Doyle says India is the only 
region that truly meets all four, 
thanks to its vast population, 
which translates into much 
larger IT labor numbers than 
in other regions. Ireland, she 
says, has been popular for 
U.S. nationals relocating 
abroad, but the country’s rela- 
tively small population hinders 
it somewhat.“Ireland definitely 
meets the English language 
requirement, has a solid infra- 
structure, strong government 
support and a fairly low cost 
base but doesn’t have the vast 
pool of IT talent because of its 
[small] population,” says 
Doyle. But “it's rapidly becom- 
ing a hub of Europe, thanks in 
part to the spread of e-com- 
merce throughout Ireland.” 

One country that's rapidly 
gaining acceptance as a 
“near-shore” IT region is 
Mexico, Doyle says. “It's a 
relatively new market opportu- 
nity, rather like India was like 
20 years ago. Mexico has the 
same or similar time zones as 
U.S. companies, and it’s just a 
few hours by plane. And the 
cost advantages are between 
25% to 40% over U.S. coun- 
terparts.” 

Other countries are getting 
attention, but many of them 
face significant hurdles, Doyle 
says. Russia, for example, 
“has a large population and a 
pool of IT talent, but they fall 
down on English, and there 
are serious infrastructure and 
political and economic stability 
issues,” she says. 

The same is true for Roma- 
nia. The Philippines, mean- 
while, “has the infrastructure 
but has political and social tur- 
moil,” Doyle says. “It's a great 
example of a country that’s got 
enough IT talent but is almost 
shooting itself in the foot due 
to unrest.” 

- Kym Gilhooly 
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BUSINESS! 


FINANCIAL & BUSINESS CONCEPTS IN BRIEF 


DEFINITION 
Electronic marketplaces use Web- 
based technology to exchange 
and route business documents 
among the disparate systems 
of multiple trading partners so 
they can buy and sell goods and 
services electronically. 


BY LEE COPELAND GLADWIN 
N JUST ABOUT every in- 
dustry — from automo- 
bile manufacturing to 
chemical production — 
an electronic market- 

place has been created to han- 


dle the buying and selling of | 


goods and services between 


manufacturers and suppliers. | 
One common bond that unites | 


these markets is the hope that 
the automation of exchange 
processes will dramatically cut 
time, cost and waste. 

One thing’s for sure: Such 
marketplaces are big business. 
Cambridge, Mass.-based For- 
rester Research Inc. estimates 
that trading in Web-based mar- 
kets accounted for $251 billion 
in sales last year across 13 in- 
dustries, including construc- 
tion, aerospace and defense. 

But while technology is a 
key enabler behind the scenes, 
one of the biggest challenges 
online market creators face is 
in translating paper-based pro- 
cesses to more efficient, elec- 
tronic approaches. 

For example, contracts that 
involve complex sourcing or 
parts designations may require 
detailed interaction between 
the buyer and seller outside of 


the e-marketplace. The buyer | 
may even disclose engineering | 
The world’s largest automaker 


specifications, delivery timeta- 
bles and other sensitive data to 
the marketplace’s participants. 
But instead of shuffling pur- 
chase orders back and forth or 
faxing production schedules, 
various procurement steps can 
be handled electronically. 

Several of these virtual 
bazaars have been founded by 
buyers. 





A prime example of that is 
Covisint LLC, a 
business e-marketplace creat- 


business-to- 


| ed by Ford Motor Co., General 


Motors Corp. and Daimler- 


| Chrysler AG last February. The 


automotive exchange could 
potentially handle more than 
$240 billion in annual procure- 
ments of raw materials and ve- 
hicle parts by these manufac- 
turers alone. 


One-Stop Shopping 
| Before e-marketplaces be- 
| gan popping up last year, “buy- 
ers were tied to a single suppli- 
| er or a handful of suppliers 


over tightly controlled ex- 
tranets,” says Daniel Garret- 
son, an analyst at Forrester Re- 
search. “Now, with e-market- 


places, they can do one-stop | 
comparison shopping across | 
thousands of suppliers and go | 


to the best source in real time 
or near real time.” 
With a slowdown in vehicle 


sales predicted for this year | 


due to the softening economy, 
the Big Three automakers have 
placed increased pressure on 
their 150,000 suppliers to re- 
duce costs. 


Detroit-based GM plans to | 


reduce the average cost of pro- 
cessing a purchase order from 


$100 to $10 by using Covisint. | P ; 
Integration Quagmires 


Perhaps the greatest techni- | 


spends more than $80 billion 
in procurements each year, so 
even a minor improvement in 
how these activities are han- 


dled could save the company | 


billions. 
Most of the big automotive 
suppliers acknowledge that 


they'll work with Southfield, | 


Mich.-based Covisint, but that 


| born, 


hasn’t stopped them from cre- 
ating e-marketplaces of their 
own. Johnson Controls Inc., a 
manufacturer of car parts and 
environmental systems in Mil- 
waukee, plans to launch a de- 
sign and collaboration ex- 
change for its 600 suppliers 
next month. 
Mike Suman, 
president for e-business and 
marketing at Johnson Con- 
trols, says the company need- 
ed to replace its homegrown 
product development soft- 
ware with an online exchange 
that will address the bidding 
process with suppliers and the 
management of design collab- 
oration. E-commerce software 
from MatrixOne Inc. in 
Chelmsford, Mass., will form 


group vice 


the bulk of the technology in- | 


frastructure. 

Johnson Controls generated 
$6.8 billion in revenue last year 
— or 40% of its $16.14 billion in 
total sales — from contracts to 
build car interiors, seats and 
batteries for the Big Three. 


But Suman says the com- | 


pany also works with nonauto- 
motive and 
automakers, like Volkswagen 
AG in Germany, that don’t plan 
to join Covisint. 


customers 


Dana Corp. is another major 


automotive supplier that’s 
building a private e-market- 
place. Officials say Dana is 
building its own exchange to 
handle purchasing transac- 


tions with its 86,000 suppliers. | 


But the Toledo, Ohio-based 
driveshaft 
maker, which drummed up 
one-third of its $13 billion-plus 
revenue 
Mich.-based Ford and 
Stuttgart, Germany-based Daim- 
lerChrysler, will 
with Covisint. 


also 


cal challenge facing e-market- 
places is the need to integrate 


| the various back-end systems 
of participants with the ex- | 


change platform. 

To process transactions elec- 
tronically, participants need a 
format for defining the data 
elements in documents such 


other | 


and _ piston-ring | 
from sales to Dear- | 


work 


E-Marketplaces 


as invoices and purchase or- 
ders. XML provides a common 
method for identifying what 
data fields contain, thereby 
making it easier to swap doc- 
uments electronically. But as 
the e-commerce industry has 
grown, the number of flavors of 
XML has multiplied. 

The top three e-commerce 
software vendors each use dif- 
ferent XML vocabularies for 
defining data. Commerce One 
Inc. in Walnut Creek, Calif. 
uses Common Business _Li- 
brary (CBL); Ariba Inc. in 
Mountain View, Calif., 
cXML; and Oracle Corp. uses 
OAG XML. 


uses 


Vocabulary Problems 

Those differences can create 
problems when an e-market- 
place must unite systems from 
hundreds or even thousands of 
trading partners. For example, 


one XML vocabulary may list 


the second line in an address 


> 


field as “Address 2,” while a dif- 
ferent XMI 
assign “Apartment No.” to that 
same field. 

Covisint is being built using 
Commerce 


vocabulary may 


from 
One and Oracle, so it must 
contend with the CBL and 
OAG XML formats. In addi- 
tion, the Big Three and most 
of their top suppliers also use 
data 
(EDI) systems for processing 
invoices and communications, 
adding yet another layer of 
confusion. 

“The Web platform has to 
use XML to parse documents, 


technology 


electronic interchange 


but we also have a large cus- 
tomer base that’s into the EDI 
infrastructure,” Bernie 
Malonson, product marketing 
“They 


Says 


manager at Covisint. 
just got the EDI 
straightened out recently, and 
so we can’t ask them to aban- 
don it until we can prove that 
XML will work.” D 


equation 


ONLINE AUTOMOTIVE MARKETPLACE Covisint is expected to han- 
die more than $240 billion in annual procurements of raw materi- 
als and vehicle parts that will make their way to the assembly lines 
of the Big Three automakers, like this one at a DaimlerChrysler 


plant in St. Louis. 





@ Are there business terms you would like to learn about in QuickStudy? Please send your ideas to quickstudy@computerworld.com. 
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endor Short-listing: 
The Long and Short 


MPLEMENTING A “ZONE OF CONSIDERATION” — or creating a short- 
list of potential vendors for a particular purchase — is a very important 
step in optimizing your IT procurement process. It normally occurs 
after potential vendor proposals have been evaluated. Other names for 
this step are “down-selecting” and “short-listing.” Whatever name you use, 
this is where you engage in critical communications with would-be vendors. 
After your evaluation, you should notify the vendors about whether they 
are in or out — that is, whether or not they’ve made the shortlist and quali- 
fied for the zone of further consideration. 


Vendors out of considera- 
tion need to be told that 
they're out, without complete- 
ly eliminating them. Vendors 
still in consideration can be 
commended for their efforts 
thus far, as a goodwill gesture. 
But they must also be told that 
there’s still competition and 
that they must sharpen their 
pencils. Your essential cus- 
tomer objectives at this point 
are to maintain flexibility, es- 
tablish some negotiating pow- 
er and keep your options 
open. A misstep here can lose 
you some leverage. 

For those vendors that are 
left out of the zone of consid- 
eration, a simple letter like 
this will do: 


Court to Review 
Judge's Comments 


The U.S. District Court of Appeals 
last week set aside 60 minutes in 
the upcoming Microsoft Corp. anti- 
trust appeals case to discuss “con- 
duct of trial and extrajudicial state- 
ments” - namely, comments made 
by trial judge Thomas Penfield 
Jackson, who, since the trial has 
ended, has accused Microsoft 
Chairman Bill Gates of having a 
Napoleon complex and has com- 
pared company executives to drug 
dealers. 

Microsoft has accused Jackson 
in two separate briefs of being 
biased and has asked that he be 
disqualified from any future pro- 
ceedings. But the company didn't 
ask for oral argument time on Jack- 


Thank you for your response 
to our [insert project name] re- 
quest for proposals. Our project 
team has completed its evalua- 
tion of all potential vendor pro- 
posals. We concluded that our 
current requirements can be 
more completely met by other 
vendors. Accordingly, we will 
require no further information 


from you at this time. 


This language notifies the 
vendor of its status, yet pre- 
serves your options by stating 
there’s no need for further in- 
formation at this time. Most 
savvy vendors will gather that 
they haven’t made the cut but 
that they haven’t been ab- 
solutely eliminated. They can 


| son’s behavior in the briefs. 


The appeals judges also issued a 


| schedule for oral arguments that 
| reversed an earlier agreement. 


Microsoft, the U.S. Department of 


the case had asked for four and a 
half hours to argue the issues. But 


| in last week's order, the judges in- 


creased the oral argument time to 
seven hours. 

Oral arguments are scheduled for 
Feb. 26 and 27. 





Bose implements 
CRM System 


| Bose Corp. in Framingham, Mass., 


has implemented a customized 
sales management and customer 


| service software system from Akibia 
| Inc. in Boston, Akibia announced 


last week. The system performs 
hundreds of functions across a 
worldwide sales force, allowing 


still hold out some hope. Some 
will follow up with a phone 
call. Simply state that you 
haven't made a final decision. 
Preserving your options is 


| paramount. Because some 


vendors that make it into the 
zone may be eliminated for 
various reasons, it could be 
necessary to move a previous- 
ly eliminated vendor back into 
consideration. 

If you eliminate a vendor 
and later have to plead with it 
to return to the discussion, 
you'll have little negotiating 
leverage. In fact, you may end 
up begging. That’s not a pretty 


| sight, and it could prevent you 
from getting the best possible 


deal. 


sales personnel to track expense 


| reports, retail promotions and dis- 


plays, and inventory, according to 


| information provided by the two 
| companies. 
| Justice and the 19 states involved in | 


NTT DoCoMo Moves 
Into U.S. Market 





| AT&T Wireless Group in Redmond, 

| Wash., has signed a deal with NTT 

| DoCoMo Inc. and Sony Computer 

| Entertainment America Inc. to de- 

| velop new network services and ap- 
plications in the U.S. One applica- 

| tion would allow AT&T Wireless’ 

| U.S. customers to use their wireless 
devices to play interactive games on 
Foster City, Calif.-based Sony's new 
PlayStation. 

Tokyo-based NTT DoCoMo, the 
largest wireless service provider in 
Japan, recently bought 16% of the 
tracking stock for AT&T Wireless. 

AT&T Wireless, which is separat- 





Notifying those vendors 
that have qualified for the 
zone is easier, but it’s also im- 
portant to preserve your 
leverage and maintain a com- 
petitive environment. A letter 
puts things in writing and pro- 
vides a formal notice. Here’s 
the recommended text: 
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cluding their names, titles and 
roles. To expedite negotiations, 
we request that you limit your 
team to four individuals and in- 
clude decision-makers on the 


| team. 


Please understand that we 
reserve the right to award the 
contract to any potential sup- 
plier at any time, without fur- 


Thank you for 
your response to 
our [insert project 
name] request for 
proposals. Our 
project team has 
completed its eval- 
uation of all poten- 
tial vendor propos- 


| als. We concluded 


that your proposal 
may provide a so- 
lution capable of 
meeting our re- 


| quirements. Obvi- 


ously, this is subject 
to a closer evalua- 
tion of various as- 
pects of your pro- 
posal, and to your 
satisfying any con- 


JOE AUER is president of 
International Computer 
Negotiations Inc. 
(www. dobetterdeals. 


com), a Winter Park, Fla., 


consultancy that 
educates users on high- 
tech procurement. ICN 
sponsors CAUCUS: The 


Association of High Tech | 
Acquisition Professionals. j 


Contact him at 


ther notice to you. 
There will be no 
best and final bid- 
ding rounds or dis- 
cussions of other 
potential supplier 
deals for you to bid 
against. 

Having your 
very best deal on 
the table at all 
times — and think- 
ing constantly 
about ways to im- 
prove it — will 
serve you well dur- 
ing this time. 


This type of 
letter commends 
vendors for their 


cerns we may have 
in this regard. Ac- 
cordingly, we have placed you 


| within our zone of considera- 
| tion with the other potential 


suppliers believed capable. 

We will be contacting you 
soon to arrange initial discus- 
sions of your proposal. Our ob- 
jective will be to negotiate a 
mutually acceptable agree- 
ment. Please identify your ne- 
gotiating team members, in- 


success but also 
reminds them 
that they haven’t yet won the 
deal and need to remain com- 
petitive. 

At this juncture, it’s all 
about negotiating power and 


| control. To be effective, com- 
| munications to potential ven- 
| dors must inform but, at the 

| same time, preserve your 

| leverage as they compete for 


your business. D 





| ing from parent AT&T Corp., has 


posted a new Web site at www. 


| attwireless.com. 





U.S. Unemployment 
Rate Highest Since 99 


The U.S. unemployment rate rose to 


| 4.2% last month, the highest level 

| since October 1999, according to 

| figures recently released by the U.S. 
| Department of Labor’s Bureau of 

| Labor Statistics. The number of job- 





| less workers increased by about 
| 300,000, to nearly 6 million. 





Epiphany Hires 
Former Oracle Exec 


Customer relationship management 
application vendor E.piphany Inc. in 
San Mateo, Calif., has hired former 
Oracle Corp. executive Roy Camblin 





as its C10 to assume global respon- 
sibility for IT infrastructure, pur- 
chasing and facilities. Camblin, a 
veteran IT industry executive who 
also worked at Citibank, Charles 
Schwab Corp. and Wells Fargo & 
Co., was in charge of all systems 
technologies at Oracle. 


E-Business and CRM 
Vendors Unite 


E-business applications vendor 
FirePond Inc. recently acquired 
Brightware Inc., a provider of Web- 
based customer relationship man- 
agement software. 

The price of the deal is $9 million 
in cash and 3 million shares of com- 
mon FirePond stock, according to 
officials at Waltham, Mass.-based 
FirePond. Among San Rafael, Calif.- 
based Brightware’s customers are 
AT&T Wireless Group, AAA National 
and Continental Airlines. 
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Sales Force Automation: 

The Purpose 

What is then expected of successful 
sales force automation? Not just the 
standard increases in revenue and 
margin. With the success of the 
“intangibles measurement” method- 
ology represented by the Balanced 
Scorecard, there are means for quan- 
tifying measurements of customer 
satisfaction and sales force effective- 
ness that complement increases in the 
bottom line, as tangible as those 


increases are. 


Increased Revenue 

Needless to say, this is the ne plus 
ultra result for SFA: improvement in 
the bottom line. But a gross increase 
is not a sufficient answer for SFA suc- 
cess. Just as important are the increas- 
es in revenue per salesperson and in 
the gross profits per year. If you have 
an increase of 100 percent in sales 
revenues but your cost of sales has 
increased, or it came strictly as a 
result of your increased sales force, 


your SFA implementation failed. 


Cost Reduction in Cost of Sales 

Interestingly, this is a key parameter 
for success in an SFA implementa- 
tion. There is an enormous amount 
of time used by salespeople in coordi- 
nation of their efforts, continuous, 
repetitive data entry, and often 
unsuccessful attempts to extract and 
interpret data without the tools to do 
so. Studies have been done that show 
that sales time to fulfill administrative 
functions is almost half of a salesper- 
son's activity. By reducing the time 
engaged in these administrative or 
other non-sales-related efforts, the 


cost of sales is reduced. 


Customer Retention Due to 
Company, Not Product or Service 
If your customers are happy, they stay 
with you, even if they are paying a bit 
more. Myer Emco, a very successful 


customer home theater and con- 


Authored by: Paul Greenberg 


sumer electronics equipment 
installer, puts a large amount of time 
into making sure their customers get 
excellent service. They probably are 
10 to 15 percent more expensive than 
comparable retail equipment dealers 
in the Washington, D.C., metro area. 
However, they have a loyal clientele 
willing to pay the extra cost, simply 
because the level of personal service is 
so effective. It’s not about the money, 
its about the relationship with the 
company and, often, the relationship 
with particular salespeople within the 


company. 


Sales Force Increasing Mobility 

The Web is transforming as it creates 
the New Economy. Perhaps the best 
example is the increasing use of per- 
sonal digital assistants (PDAs), such 
as the Palm or Blackberry’s RIM for 
Internet access. Wireless applications 
companies are proliferating. Aether 
Technologies grew from 70 employ- 
ees to more than 800 in a year, went 
public, started an acquisition binge 
and then, after all this, in late 2000, 
announced proudly that they had 
their first customer! Wireless Web 
applications and Web/phone conver- 
gence are creating an unprecedented 
buzz in an IT world that is known for 
its loud buzzing. Just recently, 
Handspring, the creator of the Visor 
PDA, announced that the Visor 
would have an add-in module that 
would plug into the back of its 
unique PDA that would allow Visor 
to operate as a cellphone. The sales 
force is out of the office more often 
than ever — meeting customers, 
moving through airports, prospecting 
for leads on Broadway with their 
PDAs. This is making mobility a 
competitive issue, requiring effective 
competitive mobile tools, such as the 
Internet and the handhelds. Most 
CRM companies are moving quickly 
to establish wireless components for 
sales, such as SalesLogix for Web 
phones and _ handhelds, Siebel 


Wireless, or the wireless access to the 


various SFA.com portals. 


Easily Available Customer 
Information with Single View 
There are multiple departments that 
have an interest in viewing the status 
of a customer account or opportuni- 
ty. For example, the sales department 
wants to see the status of opportuni- 
ties. The accounting department 
wants to see the state of invoicing and 
billing for the same accounts. The 
marketing department wants to see 
reports on varying degrees of success 
or failure of their campaigns with 
individual accounts. 

Within each department are indi 
viduals with different roles who each 
have their own agendas for what pass- 
es through their crosshairs. The vice 
president of sales wants to see all the 
activity of all salespeople in his 
department, including their contact 
lists and opportunities. He also wants 
to get a sales pipeline report to refine 
his sales forecasts for the coming 
quarter. The account manager doesn’t 
need that much. He wants a national 
view of all of the sales activity around 
the accounts he owns (for example, 
all the sales meetings and reports 
related to IBM or 3Com or whoever 
the customer happens to be at any 
given moment). The sales manager 
wants to see opportunity progress, 
but not all the contact lists of each 
salesperson. Each salesperson wants 
to manage the customer accounts he 
owns. Each of them has the individ- 
ual view that allows them to see all 
the data they need to — that is, have 
the permissions to see — but at the 
same time, there is a universal view of 
all the data available to all depart- 


ments at all times. 





When your application hits the Oracle 


performance wall, how will you scale it? 


If you run web applications 
on a relational database, sooner 
or later you will run into a wall of 
speed and scalability limitations. 

What are the first signs that 
the wall is getting close? Maybe 
your data center starts buying 
more expensive computers. Or 
maybe you are suddenly spending 
money on “middleware”. 

Before you know it, the costs 
related to running your relational 
database are skyrocketing, while 
your probability of suc is 
plummeting — because relational 
database technology was never 


meant to meet the performance 


demands of today’s e-applications. 
The best way to scale the 
performance wall is with Caché, 
the post-relational database 
proven to run SQL based 
applications up to 20 times 
faster than relational database 
technology, and to scale up to 
many tens of thousands of users 
without sacrificing performance. 
Plus 


e-development environment, with 


hé includes a rapid 
simple-to-use yet powerful object 
technology that dramatically 
accelerates the creation and 
adaptation of sophisticated web 
applications. 


Caché comes from 
InterSystems, a specialist in 
high-performance database 
systems for over twenty years — 
with 24x365 support, and over 3 
million users worldwide. Caché is 
available for Windows, OpenVMS, 


Linux and major Unix systems. 
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Download a fully-functional copy of Caché for free at e- DBMS.com, 
or call 1-800-753-2571 for a free CD. 
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HACK OF 
THE MONTH 


The latest buffer-over- 
flow vulnerability in 
BIND highlights a histo- 
ry of problems with this 
complicated software 
that forms the “glue” 

of the Web. Computer- 
world security specialist 
Deborah Radcliff offers 
tips on how to protect 
your system. » 50 


SECURITY 
JOURNAL 


Jude Thaddeus conducts 
a disaster-scenario exer- 
cise, contemplates how 
to provide continuity 
planning — and says 
goodbye to Security 
Manager’s Journal. His 
parting advice: It’s not 
just coping with a disas- 
ter that counts; it’s being 
able to keep the busi- 
ness running. » 52 





ADVICE FROM 
THE LABORATORY 


Lawrence Livermore 
National Laboratory 
CIO David Cooper 
manages an advanced 
technology lab, but 
what he has learned 
about data management 
and employee recruit- 
ment and retention 
could benefit any IT 
operation. » 56 





QUICKSTUDY 


Computers organized 
like your brain: That’s 
what artificial neural 
networks are and why 
they can solve problems 
other computers can’t. 
They’re capable of 
learning and analyzing 
large, complex sets of 
data that more linear 
algorithms can’t easily 
deal with. Learn more in 
our concise primer. » 60 





HANDS ON 


Computerworld looks at 
three utility suites that 
help fix — and maybe 
prevent — problems 
when Windows goes 
haywire. If you use one 
of these tools, you may 
be able to fix a problem 
before it happens and 
avoid the blue screen 
of death. » 54 


FUTURE WATCH 


A new way to transmit 
information is based on 
very familiar technolo- 
gy. Anoto has developed 
a messaging and data- 
recording system that 
connects specially de- 
signed image-scanning 
pens to wireless phones 
via Bluetooth technolo- 
gy. And the whole sys- 
tem looks like an ordi- 
nary pen and paper. »55 





EMERGING 
COMPANIES 


IWork is one of the first 
vendors to offer manu- 
facturers a supply-chain 
workflow system that 
can convert shop-floor 
documents, such as pur- 
chase orders, into XML 
documents and then for- 
ward them to a compa- 
ny’s enterprise resource 
planning system — or to 
suppliers. » 61 





EMERGING 
MARKETS 


The Rio Grande Valley 
of northern New Mexico 
is known as the Silicon 
Mesa — a growing hot- 
bed of high-tech oppor- 
tunity. But the reality 
may not be nearly as hot 
as the climate. » 64 
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“OUTSOURCING IS . . ..a way to get expertise ao & deploy it quickly,” says 
John Lucich, international president of the High-Tech Crime Network. But, he adds, 

“there is no one who can ever say you’re 100% secure and can never get broken into.” 


HAVE TRUST, BUT 
NOT TOO MUCH 


OUTSOURCING FIREWALLS AND INTRUSION DETECTION can 
save your company plenty of money. But the key 
to successfully passing on these crucial security 
functions is to keep an eye on the people you’re 
paying to protect your data. And, of 

course, it helps if you have good secu- 

rity policies in place before you look 

to outsourcing. 


49 








DEBORAH RADCLIFF 


HACK OF THE 


TECHNOLOGY 


MONTH 


Stuck in a BIND 


NLESS YOU’VE BEEN living under a rock, you 
already know about the latest buffer-overflow 
vulnerability in the Berkeley Internet Name 
Domain (BIND) software, a domain name server 
(DNS) utility that matches Web server names to Internet 
Protocol addresses so people can find companies on the Web. 
By all accounts, BIND is the glue that holds the entire address- 
ing scheme together, making up at least 80% of the Internet 


naming system. 

Rightly, the CERT Coordination 
Center made a big deal when it 
announced two weeks ago that BIND 
Versions 4 and 8 are vulnerable to 
root-level compromise, traffic rerout- 
ing and all other sorts of nasty possi- 
bilities. 

The following are some other dis- 
turbing facts about BIND: 

a BIND is controlled by the Internet 
Software Consortium (ISC), a non- 
profit vendor group in Redwood City, 
Calif. Heavyweights like Sun, IBM, 
Hewlett-Packard, Network Associates 





Hardening Your DNS 


1. Run BIND in a nonroot environment. 

2. Set up a split-brain DNS configuration. 

3. Tighten your BIND 8 configuration 
using built-in security options. 

4. Consider running a nonrecursive name 
server. 

5. Configure your operating system to 
mark the stack nonexecutable. 


For useful links, visit our Web site. 





| ous coding problem that’s 











| and Compaq support it. 
ag By virtue of the ubiquity of BIND, 
| the ISC wields a lot of power. 


g Just before this latest vul- 


| nerability went public, the 

| ISC announced preliminary 
| plans to charge for critical 

| BIND security documenta- 
| tion and alerts through sub- 
| scription fees starting with 


resellers. This set off an out- 
cry in the nonvendor IT 
community. 

m BIND has had 12 security 
patches in recent years. 

g This latest vulnerability is 
a buffer overflow, a notori- 





| upgrade, per CERT’s recommendation. 
| But there are other things they can do 





DEBORAH RADCLIFF is a 
Computerworld feature 
writer. Contact her at 
deborah_radcliff@ 


computerworld.com, 


this buffer-overflow problem, accord- | 
ing to CERT. 

IT pros aren’t buying it. 

“BIND is a big, unwieldy piece of 
software that’s been completely rewrit- 
ten, but it can still have buffer over- 
flows anywhere in the code,” says Ian 
Poynter, president of Jerboa Inc., a 
security consulting firm in Cambridge, 
Mass. “BIND is the biggest point of 
failure on the entire infrastructure of 
the Internet.” 

DNS administrators should indeed 


to cut the umbilical cord from the ISC. 

First, don’t allow BIND to run at 
root, says William Cox, an IT admin- 
istrator at Thaumaturgix Inc., an IT 
services firm in New York. “The best 
way to limit your exposure 
is to run the server in a 
‘chrooted’ environment,” 
he says. “Chroot is a spe- 
cific Unix command that 
limits a program to only a 
certain portion of the file 
system.” 

Second, Cox recom- 
mends breaking up DNS 
server farms to protect 
against getting knocked off 
the Web the way Microsoft 
and Yahoo were two weeks 
ago. He suggests keeping 
internal IP addresses on 








been well documented for a 

decade. Through code that’s vulnera- 
ble to buffer overflow, attackers can 
gain root simply by confusing the pro- 
gram with illegal input. 

@ Ironically, the buffer overflow 
popped up in BIND code written to 
support a new security feature: trans- 


| actional signatures. 


The ISC is now asking IT managers 


| to trust it once again and upgrade to 


Version 9 of BIND, which doesn’t have 


| chief technology officer at Security- 





The Best Instructors and 
SERVICE, SERVICE, SERVICE 


Northeast Training Group, Inc.'s mission is to be the 
premier solution provider to the productivity problems that keep 
Information Technology Managers awake at night. 


@ Over 200 Instructors 


* Technical skills training-most hardware & software 
¢ Business Systems Analyst Curriculum 


¢ Management Training 
¢ Soft skills specific to IT 


We'd like to get to know you and we'd like you to get to know us. 
Call or email Sue Goldberg or visit our web site. 
PHONE: 617.469.5557 
EMAIL: Sgoldberg@NortheastTrainingGroup.com 
WES SITE: wwW.NortheastTrainingGroup.com 





internal DNS servers that 
aren't open to Web traffic and spread- 
ing Internet-facing DNS servers 
around to different branch offices. 

Still others are looking at Internet 
naming alternatives. One that’s gaining 
popularity is named djbdns (http:// 
cryp.to/djbdns.html), after Daniel Bern- 
stein, author of Qmail, a more secure 
form of SendMail, says Elias Levy, 


Focus.com, a San Mateo, Calif.-based 
Internet services company and list 
server for Bugtraq security alerts. 


Diagnosis: Trojan Horse 

Speaking of Bugtraq and the 
pervasive threat posed by vulnera- 
bilities, Bugtraq issued a utility on 
Feb. 1 to its 37,000 subscribers, which 
was supposed to determine whether 
machines are vulnerable to the BIND 
buffer overflow. The program was 
delivered to Bugtraq via an anonymous 
source. It was checked by the Bugtraq 
technical team, then cross-checked 
by Santa Clara, Calif.-based Network 
Associates. 

Turns out the program’s binary shell 
was really a Trojan horse. Each time 
this diagnostic program was installed 
on a test machine, it sent denial-of- 
service packets to Network Associates, 
taking some of the security vendor’s 
servers off the Net for as long as 
90 minutes. 

Oh, what a tangled Web we weave. D 
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Nishan Rolls Out 
Three SAN Switches 


Storage networking vendor Nishan Systems 
Inc. announced last week three new storage- 
area network (SAN) switching devices for 
storage over !P. San Jose-based Nishan is 
shipping the IPS 2000, which works with 
SCSI over Gigabit Ethernet, and the IPS 3000 
for Fibre Channel over Gigabit Ethernet. The 
Start-up also said next month it will begin 
shipping the IPS 1000 for switching between 
a mixed environment of SCSI, Fibre Channel 
and native IP storage devices. 

Along with Nishan’s latest network man- 
agement software, Sanvergence, the package 
will allow businesses to combine SCSI and 
Fibre Channel protocol with the interoper- 
ability and speed of Gigabit Ethernet to create 
wide-area storage networks, said Randy 
Fardal, Nishan’s vice president of marketing. 
The company claims that storage over IP can 
deliver faster service than Fibre Channel and 
eliminates the need for building new net- 
works. Fardal said that from a network 
management view, the new technology 
appears to be “just another switch or router” 
in the SAN fabric. 

The IPS 3000 has eight dual-mode Fibre 


| Channel/Gigabit Ethernet ports, with pricing 


starting at about $16,000. The IPS 2000 has 
four Layer 2 SCSI ports and two Gigabit 
Ethernet ports, with prices starting at about 
$10,000. Pricing hasn't been set for the IPS 
1000, which has two Gigabit Ethernet SAN 
ports and two SCSI/Fibre Channel Gigabit 
Ethernet ports. 


Informix Updates High-End 
Data Warehousing Server 


Informix Software, an independent operating 
company of Informix Corp. in Westboro, 
Mass., last week released an incremental up- 
date to its high-end data warehousing server, 
Informix Extended Parallel Server. According 
to the company, enhancements include an 
extended backup and restore capability that 
allows for the use of a mirrored copy to quick- 
ly back up the database, with virtually no 
downtime; MaxConnect, which enables sup- 
port for thousands of client connections while 
reducing CPU demand of the database server; 
and support for SUN Solaris 8. 


Nuance Launches 
Text-to-Speech Software 


Nuance Corp. in Menlo Park, Calif., has 
announced a line of text-to-speech software 
products called Nuance Vocalizer. Users will 
be able to listen to a human-sounding voice 
read e-mail, driving directions and other 
items. Pricing wasn’t available. 
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TECHNOLOGY — 


Disaster Strategy: Bring 
Continuity From Calamity 


It’s not just coping with a disaster that counts; 
it’s being able to keep the business running 


DAY OF doom and gloom | 


— how marvelous! 
Our new business conti- 
nuity planning consultant 


is asking managers to de- | 


vise disaster scenarios. After all, we’ve 


got to have a good idea how things | 


might go wrong if we’re to have any 
hope of planning what to do about them 
when they do. 

He explained it to me in 
person, using what seemed 
to be a well-rehearsed line 
explaining how necessary 
it was, how it wasn’t as 
much work as it sounded 
and how we have only two 
weeks to complete it. 

The consultant certain- 
ly wasn’t expecting me to 
embrace the idea enthusi- 
astically. 

It may seem strange, but 
this is a part of the job I 
enjoy. It’s partly because 
the work involved is a bit 
more challenging — what 
IT security professional 
wouldn't prefer to work 
on a cutting-edge distrib- 
uted denial-of-service at- 
tack rather than just respond to the lat- 
est macro virus infection? But the main 
reason is that disaster planning helps 


me make some sense out of the moun- | 


tain of work that’s out there. For IT se- 
curity, doom and gloom is strategic 
planning. 


Of Trade-Offs and Judgment Calls 


One of the long-standing principles 
of security is the constant trade-off be- 
tween security and functionality. Most 
security mechanisms make computers 
more difficult to use, and most new 
functionality raises new risks. Some- 
where in between there is, I hope, a 
happy medium. 

In every security department, there’s 
always more work required than there 
are available. Somehow, 
you've got to make that judgment call 
on every piece of work: It'll never be 
fully secure, but is it secure enough yet? 
Rather than making those calls by the 
seat of your pants, you stand a much 
better chance of achieving something 


resources 
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in the long run if you've got an underly- | 


ing plan. And the best way to make a se- 
curity plan is to work out all the things 
that could go wrong and be prepared to 
deal with them. 

Simple, huh? 


This has been happening more and 
more often. A recent high-profile inci- 
dent took place at London-based Royal 
& Sun Alliance Insurance Group PLC. 

a Fire in the hole: Fire, flood, explosion or 
some other disaster can render your 
central data center or computer rooms 
unusable. This occurs more frequently 
and for more bizarre reasons than you'd 


| expect. 


So here’s a list that reflects my cur- | 
rent thinking on the most likely ways | 


that security breaches could have a big 
effect on my company. Are there any 
readers who care to suggest 
other scenarios that 
missed? 

m Denial-of-service attacks: 
This is a common scenario, 
on record in many forms, 
from the Internet Worm in 
1988 to the latest attack on 
Microsoft. 

Technically, these types 
of attacks are easy to 
mount, but their conse- 
quences are limited to de- 


pany’s Internet gateway. 
m Hacker blackmail: An un- 
known third party could 
claim to be able to disrupt 
or destroy your internal IT 
systems and demand to be 
paid off. This is difficult to prevent be- 
cause it can be difficult to prove or dis- 
prove vague claims. 

Hacker blackmail is becoming more 
common, and it’s reputed to occur 


I've | 


nials of service on network 
connections sharing a com- | 





much more frequently than is reported | 


publicly. 


aw Industrial espionage: A direct competi- 


tor could obtain details of your busi- 
ness plans via your IT systems and take 
advantage of that knowledge to out- 
compete you in the marketplace. 

This is often reported to occur with 
internal collusion, which makes it all 
the more difficult for companies to de- 
fend against. 
w= Computer misuse decimates staff: In this 
scenario, significant numbers of staf- 
fers who have been misusing IT re- 
sources — disseminating pornography 
or hate material, for example — are dis- 
missed. Since these situations often in- 
volve transmitting material via e-mail, 
dismissing all concerned can decimate 
an entire department, severely affect- 
ing its ability to operate effectively. 





Anecdotal evidence tells of a disaster 
recovery consultant who boasted that 
he’d planned for every possible disaster 
that could strike his unmanned data 
center short of something falling out of 
the sky; the data center was hit by a 
low-flying aircraft shortly afterward. In 
another legendary incident, a consul- 
tant discounted the possibility of flood 
damage because the data center was 
halfway up a hill. The valley duly flood- 
ed and the waters rose — and stopped 
just before the data center. Unfortu- 
nately, the sewer system underneath it 
also flooded, and no member of the 
staff could stomach the resulting smell. 
w Financial or reputational damage: The 
frequency of attacks that hurt compa- 
nies financially or tarnish their reputa- 
tions is increasing. Well-documented 
cases include a hack at Citibank in 1995 
and the recent spate of exposures of 
credit card information at dot-coms 
such as Egghead.com Inc. 

At Citibank and Egghead, small- 
scale, targeted security breaches ex- 
posed individual weaknesses. In the 
Citibank case, $10.4 million was stolen; 
in the Egghead case, the credit card 
database was compromised. 

The damage to the two companies’ 
reputations seems to have far out- 
weighed the financial loss. For exam- 
ple, Citibank recovered almost all of the 
stolen funds but reported a noticeable 
loss of business that it attributed to the 
negative publicity. 

Well, that’s six risks. That’s far from 
being everything that could go wrong, 
but I think they’re the six most worri- 
some. They certainly give me some- 
thing to concentrate on. 

Now, the next time I have to make a 
judgment call, I can check whether the 
proposed changes make those scenar- 
ios more likely or less likely. 

In fact, if I really wanted to take a 
strategic approach to my job, I could 
work out how to deal with those sce- 
narios and work out a plan to imple- 
ment security measures to prevent 
them. 
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Business continuity planning: The 
process of planning to ensure that a 
business keeps functioning in extreme 
circumstances. It’s sometimes con- 
fused with disaster recovery planning, 
which is the process of recovering a 
system from an unexpected, serious 
fault. Disaster recovery planning is gen- 
erally seen as a technical subset of 
business continuity planning. 


LINKS: 


http://catless.ncl.ac.uk/risks: 
“The Risks Digest” Web site, which 
describes itself as a “forum on risks to 
the public in computers and related 
systems,” includes regular news and a 
discussion forum concentrating on 
things that go wrong with computers, 
from malfunctioning Japanese toilets to 
the space shuttle Challenger disaster. 
It's an invaluable resource for anyone 
involved in risk management - or any- 
one who likes to laugh at other peoples’ 
misfortunes. 








A Sad Goodbye 


I've been writing this journal for 
about eight months now, and I’ve de- 
cided that it’s time to pass the baton on 
to another security professional. I'd 
hoped to be able to write a neat wrap- 
up column this week that closed off all 
the issues I’ve raised: the smart cards, 
the antivirus problems, the legal quag- 
mire and so on. Of course, life’s not like 
that, and I’m still struggling with those 
very issues. If you want neat answers, 
ask a consultant! 

Before I go, I'd like to thank everyone 
who’s taken the trouble to send me 
e-mail or contribute to the discussion 
at the Security Watch forum at Comput- 
erworld.com. Your comments have been 
invaluable, not just because it lifts my 
spirits to know that other people face 
the same problems that I do, but also 
because some very knowledgeable peo- 
ple have taken the time to offer advice 
and help. 

I'd like to mention all of you individ- 
ually by name, but so many people have 
requested anonymity for themselves or 
their companies that I'd better not. 

Ah well, I guess we've still got a ways 
to go before we can all talk openly 
about security. D 





Editor’s note: Computerworld would like 
to thank Jude for his contributions and 
insights into the day-to-day issues of se- 
curity management. Look for a fresh face 
— and a new perspective — next week. 





® This journal is written by a real security manager, whose name and employer have been disguised for obvious reasons. It's posted weekly at www.computerworld.com to help you and our security manager - let's call him 
Jude Thaddeus - better solve security problems. Contact Jude at jude.t@lycos.com or click on Computerworld.com's Security Watch community forum to participate in discussion topics. 








Always-on 


Remote access. 


Always-on 


security. 


With remote users accessing the corporate network via broadband VPN connections, your network may 

be more vulnerable than ever. A hacker could attack a user’s PC and hijack an otherwise “secure” VPN session 

to gain unauthorized network access. Check Point’s VPN-1° SecureClient™ provides always-on security for both 
your network and your remote access clients. And with centralized management, you're always in complete control. 
In the bold new world of cable modems and DSL, we'll make sure your network is never vulnerable again. Always-on 
connections need always-on protection. This just might be why we have more VPN installations than anyone else. 


Check out www.checkpoint.com/secureclient and be secure. 
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Fix It Before 
It Breaks — 


In the days before computers, you fixed the refrigerator 
when the ice cream melted. Back then, the rule was 
‘If it ain’t broke, don’t fix it.’ Today, we’d rather fix PCs 
before they freeze. By Howard Millman 


r- System 

Mechanic 3.2 

$60; site licensing available 
$300 buys aCD-ROM for use on 
an unlimited number of PCs 

lolo Technologies LLC 

Pasadena, Calif 

(877) 239-4656 

www.iolo.com 


ae 
j 


the 
number of things 


ONSIDERING 


that can go wrong | 
Windows, | 


with 


ranging from the | 


blue screen of death, registry 
errors, corrupted Virtual De- 


| cations that overwrite one an- 


other’s Dynamic Link Libraries 


(DLL), it makes sense to antici- | 
ventive maintenance tools and 


pate problems rather than just 
react to them. 


Iolo Technologies LLC’s Sys- | 
Ontrack | 


tem Mechanic 3.2, 
Data International Inc.’s Sys- 
temSuite 3.0 


2001 help you do that. Each 


vendor offers a suite of tools to | 


predict, prevent and fix myriad 
minor hardware, configuration 
and software problems. 

While none of these suites 
can replace a skilled diagnosis 


» 
La 
? 


pa Ts AL Se a a 


| or is 


and Symantec | 
Corp.'s Norton SystemWorks | 





suitable for trouble- 
shooting network emergencies 
such as failed routers, they 
a good first line of defense. 
And, since they don’t require 
that the machine, 


are 


you open 


| they’re convenient and quick. 
vice Drivers (VXD) and appli- | . 
| Prevention Before Cure 


for the most versa- | 


My vote 
tile collection of routine pre- 


enterprise-friendly licensing 
goes to Pasadena, Calif.-based 
Iolo’s System Mechanic. 


Among its 15 utilities, one of 


my favorites is its Windows 


customization tool — sort of 
| like the Tweak UI desktop cus- 


tomization utility on ampheta- 
mines — that lets you fine- 
tune the settings affecting ap- 
pearance, security and perfor- 
mance. For example, it lets you 
control what applications and 
routines Windows runs when 
it starts, which has become 
harder than it used to be. 


| System 





clear choices when you need to | 


recover accidentally deleted 
files or unformat a hard drive 
or when you require advanced 
data recovery. For the latter, 
| Minneapolis-based 
| includes EasyRecovery 
with its suite. Symantec in Cu- 
pertino, Calif., 
service through a third-party 
provider, PromiseMark Inc. in 
Fairfax, Va. 

Both products also offer a 
broader range of utilities than 
Mechanic, including 
antivirus protection and instal- 


lation monitors, which can re- 


move all traces of installed and 


| downloaded programs. 


I also like Iolo’s Internet Op- | 


timizer, which accelerates In- 
ternet communications by fine- 
tuning registry settings. I saw a 
20% increase in data exchange 
rates after using the Internet 
Optimizer. 

Iolo’s $300 Mobile Toolkit 
will especially appeal to IT ad- 


Performance enhancers in- 
clude program 
that arrange a program’s DLL 
modules on the hard drive by 


accelerators 
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deleted files so they can’t be 
recovered. 
On the other hand, System- 


Suite includes PowerDesk 4, 


Ontrack | 
Lite | 


offers a similar | 


| col 


one of the best and most adapt- 
able graphical file managers 
around. It’s not directly related 
to the suite’s diagnosis and re- 
pair mission, but PowerDesk 
absolutely runs rings around 
Windows Explorer. Version 4 
includes a file transfer proto- 
downloader and a fast- 
loading file viewer that can 
display more than 200 formats. 


| How Good? 


I ran the three suites through 
an identical set of defects that I 
created, including erroneous 
shortcuts, incompletely _re- 
moved programs, faulty Run- 
Services commands, and re- 
named or missing VXD and 


Symantec’s Norton <1 DLL files. 


SystemWorks 2001 


$60; site licensing available 
Symantec Corp. 

Cupertino, Calif. 

(408) 253-9600 
www.symantec.com 


The three suites performed 
as expected, although it some- 
times took multiple passes to 
catch all the errors. System 
Mechanic seemed to run 
faster than SystemWorks, 
which ran faster than System- 
Suite, but the 
differences 
were small. 

System Me- 





or 


© Prumeminoamteew | 
Fe ae 


Tre OF eCRreL TD ane 2% 
erat PRDETY, 


chanic and 
SystemWorks 
don’t offer 
crash protec- 
tion and 
covery; I con- 
sider that a 


re- 





order of execution. Although | 


even weeks, 
learn an application’s loading 


| order, the effort is worth it. I 


| achieved a 


10% to 20% im- 


| provement in loading time for 


many programs. 
SystemWorks has a slight 


| edge over SystemSuite, not be- 


ministrators who maintain a | 


large number of machines. 
Mobile Toolkit is a CD that can 
run (but doesn’t install itself) 
on an unlimited number of ma- 
chines. Changes made to a ma- 
chine are permanent, unless 
they’re modified by running 
the Mobile Toolkit again. 

On the other hand, as good 
as System Mechanic is for pre- 
ventive maintenance, it lacks 
utilities for even rudimentary 
crisis management. Syman- 
tec’s SystemWorks and On- 
track’s SystemSuite are the 





cause of superior technology 


| it can take several days, or | 
for the utility to | 





but because of better packag- | 


ing. SystemWorks lets you run 
four of its utilities directly 
from the CD, eliminating the 
need to first install them. 
Unlike System Mechanic, 
however, SystemWorks _ re- 
quires you to obtain a license 
for each machine you use it on, 
even if you don’t install it. 
You'll most likely use three 
utilities that run from the CD 
— Win Doctor, DiskDoctor 
and UnErase — to identify and 
fix common glitches. A fourth 
utility, WipeInfo, overwrites 





benefit. Sys- 
temSuite still 
includes this 
feature, which it calls Crash- 
Protect. As hard as this utility 
strives to prevent data loss 
when Windows goes haywire, 
it often causes more problems 
than it solves. If the machine is 
unstable, it’s better to save 
what data you can and reboot. 

Microsoft Corp. promises 
that error-trapping improve- 
ments in Windows 2000 and 
the next release of Office will 
reduce delinquent digital be- 
havior. 

While it’s premature to bid 
goodbye to the nettlesome 
problems that depress produc- 
tivity and raise the pulse rate, 
this combination of error- 
resistant applications and easy- 
to-use diagnostic and repair 
utilities can help keep users’ 
keys moving. D 





Millman is a freelance writer 
in Croton, N.Y. Reach him at 
hmillman@attglobal.net. 
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Anew way to transmit informa- 
tion is based on very familiar 
technology. By Barbara Forster 


RING ON THE PENS 
and paper. Get rid of 
those awkward per- 
sonal digital assis- 
tants (PDA). Some 
old technology is 
about to revolutionize 
the way we send e-mail, order 
candy and flowers, and update 
medical records. 

Anoto AB, a Newton, Mass.- 
based subsidiary of Lund, 
Sweden-based C Technologies 
AB, has developed a messag- 
ing and data-recording system 
connecting specially designed 
image-scanning pens to cell 
phones via Bluetooth, a short- 
range, wireless data-transmis- 
sion technology. 

“It’s easy to understand and 
easier to use,” says Peter 
Schnorr, vice president of 
business development at An- 
oto. All it takes, he says, is the 
ability to write — plus Anoto’s 
pen and digital paper. 

The Anoto pen’s main com- 
ponents are a digital camera, 
an advanced image-processing 
unit and a Bluetooth-enabled 
radio transceiver. The pen also 
contains an ink cartridge, so 
you can actually see what 
you're writing down. 

The pen, developed by C 
Technologies’ founder, Chris- 
ter Fahraeus, registers X and Y 
coordinates on another Anoto 
creation — paper printed with 
a dot pattern that lets the mes- 
sage be converted into a digi- 
tal image. 

“It doesn’t matter what or 
how you write because only 
graphical representations are 
transmitted,” says Schnorr. 

Though WYSIWYG is now 
the presentation mode, trans- 
lator applications of every 
imaginable variation — such 


as changing handwritten text 
into fonts and from one alpha- 
bet to another — are inevi- 
table, says Schnorr. Intelligent 
Character Recognition soft- 
ware from Cambridge, Eng- 
land-based Neurascript can do 
the job, and similar technolo- 
gy can be integrated into the 
Anoto system, he says. 

Using up the digital pattern 
is hardly a problem either. The 
algorithm for the dot pattern 
on one sheet of paper trans- 
lates into an area equal to the 
surface of the planet Saturn. 

The Bluetooth transceiver, a 
battery and an image proces- 
sor, along with a pressure-acti- 
vated digital camera, an ink 
cartridge and memory, are 
stashed inside the pen. The 
pen, which is activated when 
the cap is removed, can store 
as many as 50 continuous 
pages of solid X and Y coordi- 
nates before transmission is 
necessary. 

“Our goal is to get a full day 
— 10 hours — of active, pen- 
down writing,” says Schnorr. 

The camera takes digital 
snapshots of the pattern every 
1/100 sec.; each snapshot has 
enough information to calcu- 
late the exact position of the 
pen. According to Schnorr, the 
pen has an accuracy tolerance 
of 1/1,000 in. 

Transmission to fax ma- 


| chines, PCs, handheld com- 


puters, cell phones or PDAs 
occurs only when the writer 
addresses the message 

which can go to one or more 
recipients — and marks the 
Send box at the bottom of 
each page with a straight line. 
Neither turning a page nor 
ripping off pieces of paper ini- 
tiates transmission. With the 


Future 


Send box checked, data can go 
directly to a PC or through a 
Bluetooth-enabled device to 
the Anoto Look-up Service via 
the Internet. 

Anoto Net Service, Anoto’s 
proprietary intermediary, then 
instructs the pen to contact a 
service provider’s name server 
and send the information. The 
server then tells the pen 
where and how to send the 
data and in what format. 

Limited transmission dis- 
tance is the biggest potential 
downside. The pen transmits a 
signal for just 10 to 30 feet, 
which puts the writer on a 
short wireless tether. 

One of Anoto’s partners, 
Montblanc, the brand of pens 
marketed by Switzerland’s 
Richemont AG, is developing 
a pen for Anoto that should 
stay below $100, says Schnorr. 


Paper, Paper 

Digital paper products, 
which can be any size and 
shape, use ordinary black car- 
bon-based ink and standard 
printing techniques. In addi- 
tion, because only carbon- 
based black ink absorbs in- 
frared light and makes the pa- 
per pattern visible to the pen’s 


| digital camera, noncarbon- 


based ink can be printed on 
top of the Anoto pattern with- 
out interfering with the func- 
tion of the pen. “It shouldn’t 
be any more expensive than 
regular paper,” says Schnorr. 

Even better, the dot pattern 
is replicable on any surface 


| that allows 1,000-dpi resolu- 
| tion. Newsprint is a great ex- 


ample, but everything from a 
whiteboard to a refrigerator is 
also a candidate. 

Scurrying to establish a 


| global standard for digital pa- 
| per, Anoto is entering into 
| partnerships with as many pa- 


per manufacturers as possible. 
Franklin Covey Co., 3Com 


| Corp. and The Mead Corp. are 


already on board. 
Anoto uses public-key infra- 


The Anoto Pen 


The Anoto pen’s chief components are a digital infrared 
camera, an image processor with memory and a Bluetooth 
wireless transceiver. It also contains an 

ordinary ink cartridge so the writer 


can see what he’s writing. 


Bluetooth 
transceiver 


PEN SPECS: 

Camera: Custom CMOS 
sensor, 100 frames per sec- 
ond 

Processor: Proprietary ap- 
plication-specific integrated 
circuit at 70 MHz 
Communication device: 
Bluetooth transceiver 

Ink cartridge: contains 
conventional ink 
lilumination: Infrared LED 
Resolution: 0.03mm 
Weight: 45g 


Anoto Patterned Paper 


The Anoto input device is a piece of ordinary paper on which 
a proprietary pattern has been printed in black, carbon-based 
ink, which absorbs the infrared light from the Anoto Pen’s 
camera and creates the image to be transmitted. 


| 


structure and 128-bit encryp- 
tion based on the Advanced 
Encryption Standard’s Rijn- 
dael algorithm, the current 
U.S. government standard. For 


| certain applications, 192- and 


256-bit keys are also used. 
Internally encrypted before 
transmission, all messages are 


| also time-stamped, a require- 


ment for providing digital sig- 


natures. Such signatures can’t 
be duplicated. 

With the back-to-basics 
process and products expect- 
ed to hit the market by the end 
of the year, comments like “I'll 
write you a note” will be part 
of our vocabulary again. D 


Forster is a freelance writer in 
Boston. 





Like many other young men at the 
time, David Cooper was enthralled by 
the Sputnik space capsule, which the 
Russians launched in 1957, when he was 
a high school student in Bolling, Texas. 

But unlike most of his peers, Cooper 
followed through on his dream. He went 
to work on the Gemini, Apollo and 
space shuttle missions and became one 
of the most influential IT managers at 
NASA. Now, as the CIO at Livermore, 
Calif.-based Lawrence Livermore Na- 
tional Laboratory, he drives IT policy 
for what is arguably the most advanced 
computer installation in the world. 

Cooper, who holds a doctorate in 
physics, is an unapologetic optimist on 
the potential benefits of computing tech- 
nology to society. He says he sees his 
role as providing the tools to scientists 
to make the world a better place to live. 


For example, the Accelerated Strategic 


Computing Initiative (ASC), which he 
oversees, will make it possible for scien- 
tists to simulate a nuclear bomb blast in 
3-D, eliminating the need for live testing. 
Cooper, who is also a Computer- 

world Premier 100 honoree, shared his 
experiences and observations on every- 
thing from new technology initiatives to 
security, data management and recruit- 
ing with Computerworld’s Mark Hall. 


What are the technology advances of the 
ASCI program at Lawrence Livermore 
Labs? Cray [Research Inc., the origi- 
nal Cray computer company] spent 
between $200 million and $300 mil- 
lion in research and development 
for each generation of new super- 
computer. They would sell, at most, 
a few hundred of them. It was appar- 
ent that pursuing this technology 
path would not allow us to perform 
a 3-D simulation of nuclear weapons 
in the lifetime of a weapons scientist. 
As a matter of fact, we estimated that 
it would take up to 6,000 years run- 
ning on a Cray XMP. 

So we looked for another solution 
that was faster and hopefully less 
costly. The answer was to use com 
modity parts — the workstations 
you and I have on our desks — and 
couple them together with a high- 
speed switch and special software to 
make the entire collection of parts 
work at some reasonable level of 
efficiency. This produces a “parallel” 
computer that consists of thousands 
of processors. 

Taking a sophisticated computer 
code, like a nuclear weapons code, 
and partitioning it across thousands 
of processors is a very difficult task. 
But we have a lot of very smart peo- 
ple working on this problem. 


Parallel computing has been going on for 
a long time. It has lots of failures, such 
as Thinking Machines and Kendall 
Square. What has made ASCI work? 


First, we went to several large com- 


~ TECHNOLOG 


panies that have computing as a part 
of their business plan and got a com- 
mitment from them. Second, and 
perhaps more important, we concen- 
trated on the software. It’s almost 
always the software, both application 
and operational, that make these 
large computers work. The develop- 
ment of a high-speed switch to 
achieve efficiency was also critical. 

The ASCI program made a long- 
term commitment to invest in the 
development of all aspects of these 
machines. Converting any sophis- 
ticated computer code . .. that’s 
running fine on a Cray-type comput- 
er to a massively parallel machine 
requires a large investment and an 
awful lot of time. 


| Describe the ASCI program commitment. 


Was it hard to sell? The ASCI pro- 
gram plan calls for a 10-year invest- 


| 
| 
| 
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Livermore Labs 
CIO David Cooper 
manages an ad- 
vanced technology 
lab, but what he has 
learned about data 
management and 
employee recruit- 
ment and retention 
could benefit any 
IT operation. 


ment in all aspects of large parallel 
computers. The budget is currently 
about $600 million per year. Only a 
quarter of the budget goes for com- 
puting platforms. About 40% goes 
to the application teams to develop 
new codes. At Livermore, we have 
teams of up to 30 people all working 
together to develop codes that work 
efficiently on these large systems. 

A large part of the selling of the 
[ASCI] program was convincing 
computer companies to bid on ma- 
chines that consisted of thousands 
of processors. Everyone knew that 
they would not be selling many 
8,000-processor machines. But they 
would be selling thousands of simi- 
lar but smaller systems, such as 32- 
or 64-processor machines. 


You already have nearly 3 petabytes of 
data with the ASCI project. Have you 
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learned anything about data manage- 
ment that’s applicable to other CIOs? 
The techniques we use for data 
storage, compression and analysis 
are readily applicable to a number 
of applications. Weapons designers 
previously used two-dimensional 
tables of numbers in their analysis. 
With terabyte-size data files, they 
can no longer do this, so we made a 
large investment in scientific visual- 
ization capability. At the lab, we have 
a 9-by-15-foot visualization wall that 
we use to display the results of simu- 
lations. I have seen weapons design- 
ers who have been designing weap- 
ons for 30 years say, “I didn’t know 
this was going on.” These visualiza- 
tion techniques are also applicable 
to numerous other scientific and 
engineering disciplines. The ASCI 
program, by investing in scientific 
visualization and data analysis tech- 


niques, has opened up new markets 
for these capabilities. 


The ASCI project has massive power and 


cooling requirements. How do you han- 
die the facility infrastructure around 
the computing infrastructure? We 
work with multiple vendors to get 
estimates of the power and cooling 
requirements of their future systems. 
If the estimates are too far apart, 
we go back and ask for a refinement. 
We do this until we are satisfied that 
we have a reasonable estimate of the 
requirements. Back-of-the-envelope 
calculations won't do. We need to 
know the details about these sys- 
tems’ requirements because we are 
building the facilities to house them 
right now. 


How do you attract computer scientists 
to the lab when in nearby Silicon Valley 


they can earn more and get stock 
options? I use the ASCI program 

as a recruiting tool. I say to people, 
“Look, here’s an opportunity, maybe 
once in your life, to make a differ- 
ence in the environment [eliminating 
underground nuclear tests] and to 
work on a pre-eminent, leading- 
edge, defining state-of-the-art 
program. How many times in your 
career do you think you're going to 
be able to do this? Come work for 
me for three years and make a differ- 
ence. Then you can go over to Sili- 
con Valley and make your millions.” 
I know that once they come to work 
at the lab that they will love the chal- 
lenge and the environment and 
many will stay. 

I believe that if we continue to de- 
velop ASCI-like computers, we will, 
in the next generation or two, be able 
to simulate the human body and de- 


+) 


termine whether or not a drug taken 
into the human body will result in a 
deformed child or even result in 
cancer at some later stage of life 

If the automobile companies had 
the supercomputers 10 or 12 years 
ago that we have today, they would 
have been able to design an air bag 
that when deployed would be gentle 
on a young adult or infant 

Other applications are [accurate] 
weather prediction in advance for 
say, 21 days, prediction of the impact 
of deforestation, environmental 
cleanup, safer and more efficient 
aircraft, etc 


Once you get people into the lab, how do 
you develop their careers? We have a 
variety of programs and opportuni 
ties for training available to our 
employees. We don’t have a formal 
mentoring program yet, [but] we 
make sure that people are associated 
with someone in their field. The 
worst thing you can do is hire some- 
one and turn them loose without any 
real guidance 


How do you train employees to be man- 
agers? Well, I think Livermore has 
not done a very good job of this 
Consequently, some of the organiza- 
tions, including mine, have started 
an Emerging Leaders program. 
First-line supervisors nominate 
people, or people can self-nominate 
to participate in the program. We 
introduce them to management and 
management techniques. We invite 
in speakers. We expose them to dif- 
ferent parts of the lab. By having a 
colleague or a working relationship 
with someone in another organiza- 
tion at the laboratory, we can hope- 
fully avoid the “stovepiping” that 
takes place in large laboratories like 
Livermore. 


if you had to give one piece of advice to a 
CIO building a new data center, what 
would you tell him? The most impor- 
tant thing I could tell them is to pay 
strict attention to cybersecurity. I’m 
convinced that I could select a team 
and get to virtually anything con- 
nected to the Web. There are so 
many vulnerabilities out there. If one 
needs to worry about the integrity of 
the data, then one must worry about 
cybersecurity. Before one is willing 
to accept the risks, I strongly recom 
mend that there be a detailed threat 
identification and a formal risk 
analysis. In my opinion, CIOs need 
to go out and hire a chief security of- 
ficer and fund a staff to support this 
activity. There are too many people 
who simply put too much faith in 
firewalls. There are many levels of 
sophistication of firewalls and many 
are just capable of keeping out the 
“kiddie” hackers, quite frankly. B 





IREWALLS ARE GUARD DOGS ina box, 


designed to resist brute-force attacks, 


foil hackers and generally police 
everything going in and out of net- 
works. It’s hard not to rely on them 
But it’s also easy to overestimate 
their importance in any enterprise 
security arsenal. 

Firewalls can’t go it alone. “What we do is a bal- 
ancing act,” says John Lucich, international president 
of the High-Tech Crime Network, a West Caldwell, 
N.J.-based computerized network of law enforcement 
agencies from 15 countries. The amount 
of money spent on security products must 
be balanced against the worth of what’s 
being protected, and most organizations 
aren't Fort Knox, says Lucich. 

Firewalls are part of a greater network and securi- 
ty infrastructure, which itself derives from a meticu- 
lous, well-documented security plan. Security ex- 
perts are the guardians of that network, the kind of 
people who wake up at night in a cold sweat, won- 
dering if the firewalls are blocking what they should. 
Their jobs require a lot of intense hours, because 
networks are constantly changing. 

Security experts are scarce and expensive, so out- 
sourcing provides an affordable way to benefit from 


OUTSOURCED 
FIREWALLS 


TECHNOLOGY 


such talent. Outsourcers also configure and maintain 
equipment and buy in bulk, saving their customers 
money. Finally, outsourced firewalls are often a good 
step to value-added monitoring services, which are 
also offered by outsourcers. Outsourcing companies 
can not only maintain firewalls and prevent attacks 
on corporate networks, but they can also see when 
those networks are being attacked and take the nec- 
essary steps to block the attackers. 


Economics of Outsourcing 

Firewalls are designed to prevent unauthorized ac- 
cess to or from a company’s network. 
They monitor everything that comes in or 
goes out, often at the packet, application 
or circuit level of the network, or by using 
a proxy server to disguise IP addresses. 
But they’re expensive. For companies that want to in- 
stall one in-house, a new firewall costs $15,000 to 
$30,000 or more, depending on licensing fees and 
whether it’s a hardware firewall (also known as a net- 
work appliance), a software firewall or, more often 
than not, a combination of both. Hardware firewalls 
are less expensive because the software version re- 
quires powerful additional servers on which to run. 

To set up and run the firewall and manage security, 
a company needs to hire a security expert. That ex- 


TRUo! 


BUT 


Companies can outsource 


their firewalls 


and intrusion 


detection to save money, 
but only if they keep an eye on it. 
BY MATHEW SCHWARTZ 
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pert earns $80,000 to $100,000 per year and requires 
ongoing training. And more than one person is 
required to run around-the-clock monitoring and re- 
sponse. The three-year cost of a firewall and just one 
expert to run it would be at least $255,000. 

By contrast, it usually costs $1,000 to $3,000 per 
month plus a set-up fee (often equal to the monthly 
rate) to outsource a firewall. When it comes to net- 
work architecture, firewalls don’t have to be next to 
the servers they’re protecting. So even if a company 
has its servers located elsewhere, a vendor can care 
for and maintain the firewalls. What’s needed is com- 
munication between the company and the outsourcer 
about keeping servers configured correctly and 
noticing changes in users who access the network. 

There are immediate benefits to outsourcing: there 
are no steep purchase costs, the client doesn’t have to 
install or maintain the firewall and it frees network 
technicians to keep the network running. Many 
outsourcing companies will also do some on-the-job 
security training for the technicians, so they’re kept 
aware of security issues. Thus the three-year cost 
could be $120,000, or less than half of the do-it- 
yourself option. 

“Outsourcing is a way to save money — big time — 
and a way to get expertise quickly and deploy it quick- 
ly,” says Lucich. According to The Yankee Group in 
Boston, start-up costs for in-house security often 
exceed companies’ estimates, easily approaching six 
figures for a 500- to 1,000-node, 10- to 20-site network. 

Kurt Ziegler, president of Web monitoring soft- 
ware company eBSure Inc. in Dallas and former vice 
president of product security at Computer Associ- 
ates International Inc., says he opted for outsourcing 
a year ago because it made sense financially and did- 
n't require hiring and training a security manager. In 
addition, he had to demonstrate exactly how secure 
his company was to clients who use his products to 
measure user behavior on their Web sites. Logs of 
users’ activities are sent back to eBSure, which ana- 
lyzes them and passes the results on to clients. So 
enormous numbers of logs have to flow in past the 
firewalls, while malicious data must be blocked. 


The Plan 

Firewalls aren’t network security silver bullets, 
however. Without a meticulous, well-documented 
security plan and a good overall infrastructure, fire- 
walls merely provide the illusion of security. As an 
example of what not to do, Lucich says he was re- 
cently brought in to assess the security at a $2 billion 
company that had a $2,500-per-month contract with 
an Internet service provider to maintain a firewall on 
the company’s front door, which controlled every- 
thing that got in or out of the networks. But he found 
more than 12 backdoor vulnerabilities — things such 
as open ports and misconfigured routers. Anyone 
trying to break into a site typically goes for the unse- 
cured parts first; hence, the firewall wasn’t doing the 
company any good. A little detective work found that 
beyond the firewall, the company’s security regimen 
was rather anemic. And, Lucich says, the service 
provider didn’t wave any red flags to let the company 
know the limitations of a firewall-only approach. 

Who takes the blame for such a lack of knowledge? 
Many companies are being led down the wrong path 
by vendors that claim to sell security but really sell 
only point products, says Lucich. 

Ziegler agrees. When he accepted bids for securing 
his company and performing intrusion detection, he 
says, many vendors weren't looking for patterns — 
known holes in SMTP servers. “They were basically 
selling stopping a ping or someone coming in at the 














firewall level as if it was intrusion detection,” he says. 

ompanies are learning. Mitch Hryckowian, senior 
director of security and infrastructure at Interliant 
Inc., an application service provider and hosting com- 
pany in Purchase, NY., that until recently, on 
75% to 80% of customers would ask for a firewall. That 
has changed. “Now it’s to the point where I don’t know 
any customer that doesn’t ask for a firewall,” he s 


Intrusion Detection 

Outsourced firewalls can also be the foundation for 
security insurance or intrusion detection monitoring. 
Just as homeowners can contract with security compa- 
nies to protect their house, so, too, can companies con- 
tract with monitoring services to watch their networks 
— routers, switches, firewalls, network traffic and 





such. “There is no one who can ever you're 100% 


secure and can never get broken into, 


imize overall damage when break-ins do occu 

egler evaluated both outsourced firewall and i 
trusion detection prov s and selected Riptech Inc. 
in Alexandria, Va., to handle firewalls and provide 
full-time monitoring to determine in real time when 
his network is under attack. “They were extremely 
price competitive with any other alternative, 

The benefit for Ziegler is that outsourcing pro 
more security muscle. “It just takes a rifle z 
someone to come in, ar easy if you’re focusing on 
the wrong areas Ziegler annually reassesses 
the decision to outsource, but so far his costs are less 
than having to hire a full-time security expert, he s. 
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proc cautiously and advi 


STARTING OUT 


1 Realize that n 
ins will happen 


2 List and prioritize 


Think about 
Firewalls 
Consider su 
vices to monit 


Find vendors that ask to 
before they make < 

Use establishe 

that have recently relabeled t 
intrusion detection firms 


nscious tc 
ll the outsource 
its customers 


4 Get the proposal in wri 


PENETRATION TESTING 


1 Penetration testing is exp 
really ure, d 


the initial pe 
yenetration te 
When contracting to outsource firewalls or monitor- 
ing, the devil is in the details. Search for vendors that 
want to work with companies and not just sell goods, 
. “When someone comes in and says 
they’re going to secure you and they don’t ask to see 
your policies and procedures, kick them out, because 
they don’t have your best interests in mind,” he says 
riegler hired an independent penetration testing 

company to initially test eBSure’s site and has the 
company recheck it about every six months. “I feel 
that’s the only way I can really validate the security 
and that the company we're hiring is actually consis- 
tent with the skill level of the penetrators,” he says. 

No company can really guarantee 100% security. 
“Anyone who guarantees that is a fool,” says Ziegler, 
who acknowledges that eBSure has had “a couple of 
close ones” in the past year. 

About six months ago, for instance, “some [com- 
mercial] software had gotten inside our house and 

a Trojan horse sending data to some 

where else. And it was noticed by Riptech within 
four to five minutes of the time data was first going 
to a host other than ours,” says Ziegler. The data was 
being sent to a server Ow by Ashburn, Va.-based 
UUNet Technologies Inc.; UUNet was unaware of 
what was going on. A phone call cleared up the prob- 
lem and started an investigative trail that led to the 
apprehension of the hacker. 

For Ziegler, the incident proved the value of having 
a lot of security experts watching his network. 
“Riptech detected [the intrusion] and, immediately, 
we had a professional on the other end of the phone 
talking us through it,” he says. D 
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HOT TRENDS & TECHNOLOGIES IN BRIEF 


ificial Neural 
Networks 


DEFINITION 
An artificial neural network 
(ANN) is a means of process- 
ing complex data using multi- 
ple interconnected processors 
and computing paths. Inspired 
by the architecture of the hu- 
man brain, ANNs are capable 
of learning and of analyzing 
large and complex sets of data 
that more linear algorithms 
can’t easily deal with. 


BY ALEXX KAY 
TRADITIONAL digi- 


many tasks very 
well. It’s quite fast, 


| ities allowed them to address 


| many problems that were diffi- 
tal computer does | 


| standard 


and it does exactly | 


what you tell it to do. Unfortu- 


nately, it can’t help you when | 
you yourself don’t fully under- | 


stand the problem you want 
solved. Even worse, standard 
algorithms don’t deal well with 
noisy or incomplete data, yet 
in the real world, that’s fre- 
quently the only kind available. 
One answer is to use an artifi- 


cult or impossible to solve by 
computational and 
statistical methods. By the late 
1980s, many real-world insti- 
tutes were using ANNs for a 
variety of purposes. 

Although ANNs are often re- 





ferred to simply as neural net- | 
| works, that name more proper- | 


ly belongs to the biological 


brains on which they were | 


originally modeled. 


| Structure 


An artificial neural network 


cial neural network (ANN), a | 


computing that 
learn on its own. 


The first artificial 


system 


neural 


can | 


operates by creating connec- 


| tions between many different 


network was invented in 1958 | 


by psychologist Frank Rosen- 


blatt. Called Perceptron, it was | 
intended to model how the hu- | 


man brain processed visual 


data and learned to recognize 


objects. Other researchers 
have since used similar ANNs 
to study human cognition. 
Eventually, someone 
ized that in addition to provid- 
ing insights into the function- 


real- | 


ality of the human brain, ANNs | 


could be useful tools in their 
own right. Their 


pattern- | 


matching and learning capabil- | 


processing elements, 


each | 


analogous to a single neuron in | 
| a biological brain. These neu- | 
rons may be physically con- | 
structed or simulated by a digi- | 


tal computer. 


Each neuron | 


takes many input signals, then, | 
based on an internal weighting | 
system, produces a single out- | 
| put signal that’s typically sent 


as input to another neuron. 


The neurons are tightly in- | 


terconnected and organized 
into different layers. The input 
layer receives the input, the 
output layer produces the final 
output. Usually one or more 


hidden layers are sandwiched 
in between the two. This struc- 
ture makes it impossible to 
predict or know the exact flow 
of data. 


How They Learn 
Artificial neural networks 
typically start out with ran- 


domized weights for all their | 
neurons. This means that they | 


don’t “know” anything and 


must be trained to solve the | 


particular problem for which 
they are intended. Broadly 


speaking, there are two meth- | 
| parallel nature, however, al- 


ods for training an ANN, de- 
pending on the problem it 
must solve. 

A self-organizing ANN (of- 
ten called a Kohonen after its 


inventor) is exposed to large 


amounts of data and tends to 
discover patterns and relation- 
ships in that data. Researchers 
often use this type to analyze 
experimental data. 

A_ back-propagation ANN, 
conversely, is trained by hu- 
mans to perform specific tasks. 


During the training period, the 


| teacher evaluates whether the 


ANN’s output is correct. If it’s 


| correct, the neural weightings 


that produced that output are 
reinforced; if the output is in- 
correct, those weightings re- 


| sponsible are diminished. This 


type is most often used for cog- 
nitive research and for prob- 
lem-solving applications. 
Implemented on a single 
computer, an artificial neural 
network is typically slower 


| than a more traditional algo- 


rithmic solution. The ANN’s 


lows it to be built using multi- 


| ple processors, giving it a great 


speed advantage at very little 
development cost. The parallel 
architecture also allows ANNs 
to process very large amounts 


| of data very efficiently. When 


dealing with large, continuous 
streams of information, such as 


| speech recognition or machine 


sensor data, ANNs can operate 
considerably faster than their 
linear counterparts. 


Hierachical Neural Network 


This is one possible way to organize the processors in a neural net. In this 
tiered hierarchy, each processor sends its output to all the processors on the 
next level. One consequence of this is that there’s no way to determine the 
actual path taken by data to produce the final output. 
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Artificial neural networks 
have proved useful in a variety 
of real-world applications that 
deal with complex, often in- 
complete data. The first of 
these were in visual pattern 
recognition and speech recog- 
nition. In addition, recent pro- 
grams for text-to-speech have 
utilized ANNs. Many hand- 
writing analysis programs 
(such as those used in popular 
PDAs) are powered by ANNs. 

Automated and robotic fac- 
tories are now being moni- 
tored by ANNs that control 
machinery, adjust temperature 
settings, diagnose malfunc- 
tions and more. These ANNs 
can augment or replace skilled 
labor, making it possible for 
fewer people to do more work. 


Economic Uses 

The economic uses of ANNs 
may be the most exciting. 

Large financial institutions 
have used ANNs to improve 
performance in such areas as 
bond rating, credit scoring, tar- 
get marketing and evaluating 
loan applications. These sys- 
tems are typically only a few 
percentage points more accu- 
rate than their predecessors, 
but because of the amounts of 
money involved, they are very 
profitable. ANNs are now used 
to analyze credit card transac- 
tions to detect likely instances 
of fraud. 


ANNs are used to discover 


| other kinds of crime, too. Bomb 


detectors in many U.S. airports 
use ANNs to analyze airborne 


| trace elements to sense the 


presence of explosive 
chemicals. 

OUTPUT And the 
personnel 

office of the Chicago Po- 


; lice Department uses ANNs to 


try to root out corruption 
among police officers. B 





Kay is a freelance writer in 
Dorchester, Mass. Reach him at 
Alexx@world.std.com. 
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Workflow ‘lool Puts 
Shop Floor Online 





iWork software connects manufacturing 
devices with back-end ERP systems 





BY ROBERT L. SCHEIER 
MPLEMENTING a compa- 
nywide enterprise re- 
source planning (ERP) 
system is an expensive 
proposition. To get the 

best return on investment, 

companies need to use their 

ERP systems not only to plan 

production, but also to track 

what’s actually happening on 
the shop floor. 

That’s the idea behind iWork 
Software LLC’s iWork Busi- 
ness Integration Suite, which 
automatically converts trans- 
actions within a manufactur- 
ing supply chain (such as pur- 
chase orders, bills of lading or 
credit checks) into XML docu- 
ments that can be transmitted 
from the shop floor to a com- 
pany’s ERP system — or to its 
trading partners. 

“Our systems bring informa- 
tion from the shop floor to the 
planet,” claims Harry Falk, co- 
founder, president and CEO of 
the Greensboro, N.C.-based 
company. 

That claim has yet to be fully 
tested: So far, early customers 
are doing limited implementa- 
tions of the newly released 
suite and haven't yet fully test- 
ed the suite’s scalability or in- 
tegration with multiple third- 
party applications. 

Still, iWork is among the 
first to market with a workflow 
integration tool aimed specifi- 
cally at the manufacturing in- 
dustry. 

“It’s probably shortened the 
time frame [of linking an exist- 
ing labor-tracking application 
to its ERP system] and lowered 
the cost by 30% to 50%,” says 
Jack O’Connor, director of 
planning and technology at 
Champion Industries Inc., a 
maker of commercial dish- 
washing equipment in Hunt- 
ington, W. Va. 

TWork Software has its roots 
in professional services com- 
pany Falk Integrated Tech- 
nologies Inc., also in Greens- 
boro, which launched the com- 





pany in 1997 to focus on build- 
ing software links from shop- 
floor systems to ERP software. 

[Work Software first devel- 
oped dcServe, a software tool 
for automatically collecting 
and managing data from “sev- 
eral different makes and mod- 
els of shop-floor devices [that 


| also] had the capability to go to | 





other host applications,” says 
Chief Technology Officer Ken 
Hamlin. 

Several customers asked 
iWork to extend dcServe to 
link shop-floor systems to sup- 
port other applications, such 
as those that track inventory in 
warehouses. In response, the 
company released its iWork 
product in October. 

Revenue flattened as the 
company’s focus shifted from 





iWork 
Software LLC 


Location: 7900 Triad Center Drive, 
Greensboro, N.C. 28601 


Telephone: (336) 852-0455 


Web: www.iworksoftware.com 











Niche: For manufacturers 





Why it’s worth watching: 
Among the first vendors to ship a 
workflow integration product aimed 
at the manufacturing industry 





Company officers: 

¢ Michael A. Falk, chairman of the 
board, co-founder 

¢ Harry S. Falk, president and CEO, 
co-founder 

Ken Hamlin, chief technology 
officer 


Milestones: 

©1997: Company launched; dcServe 
released 

* October 2000: iWork Business 
Integration Suite released 


Employees/growth: 75; 10% to 
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“OUR SYSTEMS BRING information from the shop floor to the 
planet,” says Harry Falk, president and CEO of iWork Software. 


uT 
30% growth projected ov ey 


this year 


Burn money: 

$12 million, 50% 
generated from oper- 
ations, the rest from in- 
dividuals. |Work's officers 
say the company is profitable. 


ry 





Products/pricing: Total invest- 
ment, including software and ser- 
vices, ranges from $200,000 to 
$300,000 per installation, plus on- 
going software maintenance fees. 





Customers: Champion Industries 
Inc., Burlington Chemical Co., ESAB 
Welding & Cutting Products, 
CertainTeed Corp., Arkwright Inc. 


Partners: IBM, Lotus Develop- 
ment Corp., Cisco Systems Inc., 
Vignette Corp., Intermec Technolo- 
gies Corp. 


Red flags for IT: 

[Work faces competition from 
much larger companies. 

Expect to pay extra for custom 
adapters between iWork and legacy 
applications. 
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services to developing the 
iWork software, says Falk. The 
firm is profitable, but sales 


stayed almost flat at $42 mil- | 
lion in 1999 with only “modest | 


growth” for the past fiscal year, 
which ended October 31. How- 


ever, Falk says he expects sales | 
| Competitors 


| Sales of manufacturing-specific appli- 


to rise at least 50% this year. 


| Pay as You Go 


TWork gives away the com- 


ponents of the iWork suite, | 


which allow customers to de- 


sign and develop their integra- | 
| integrate shop-floor devices with ERP 


tion environments, and then 
charges for the code that pro- 


vides the actual connectivity | 
to plant-floor devices and busi- | 


ness applications. It also pro- 


software maintenance fees. 
“We're doing a lot of proof- 
of-concept, $200,000 
$300,000 deals,” says Falk, 
which if successful “promise to 
be multimillion-dollar transac- 
tions.” He says customers ap- 
preciate the ability to build 


the buzz 


STATE OF 
THE MARKET 


Big Market, Big 


cations will grow from $6.6 billion this 
year to $10.4 billion in 2004, according 


| to Framingham, Mass.-based IDC. As for 


integration tools such as iWork’s, which 


systems, “my feeling is that nearly every 
manufacturing company over $100 mil- 
lion needs this . . .and could afford it, 


| based onthe business streamlining ben- 
vides the services to set every- | 
thing up and charges ongoing | 
| analysis firm in Newburyport, Mass 


to | 


efits” says Julie Fraser, an analyst at In- 
dustry Directions Inc., a consulting and 


The size of the market is the good 
news, says Fraser, because iWork and 


| its three main competitors “all have 


their systems gradually with- | 


out having to cut multimillion- 

dollar checks up front. 
Customers also say they like 
iWork’s ease of use. David 
business development 
Burlington, N.C., praised the 
point-and-click simplicity of 
iWork’s Workflow Modeler, 
which customers use to de- 
%, P g 
* finished system will 
‘© produce. For in-house 
staff, a week or two of 


plenty of potential and room to grow.” 
IWork’s “ease of implementation and 
the comprehensiveness of its capabili- 
ties” are its strong points, she says. The 
bad news, says Fraser, is that it must 


| compete with well-established vendors 
| that also have “fairly comprehensive” 


toolsets. The top contenders include 


McKnight, director of strategic SeeBeyond Technology 
at | 
| Burlington Chemical Co. in | 


Corp. 

Monrovia, Calif 
www.seebeyond.com 

Formerly Software Technologies Corp.. 
SeeBeyond’s eXchange eBusiness Inte- 


| gration Suite includes the eGate Integra- 


sign the documents the | 


tor platform, used for integrating appli- 


| cations and middleware within a compa- 


training in iWork “is | 


les plenty, if you have an 

understanding of Java 
and XML,” he says. 

The biggest obstacles to im- 


nontechnical issues such as the 
need to carefully plan and track 
complex integration projects 


ny, and the eXchange Integrator, for au- 
tomating business processes and man- 
aging trading relationships through ex- 

changes or networks 


| Viewlocity Inc. 


: . | Atlanta 
| plementing iWork, say both | 


McKnight and O’Connor, are | 


www.viewlocity.com 


Spun off from Sundbyberg, Sweden- 


| based service provider Frontec AB, 
| Viewlocity's flagship product is AMTrix, 


and convincing nervous busi- | 


ness partners to grant access to 
their corporate systems. 


Another plus for iWork is its | 
experience and reputation in | 


the manufacturing 


industry. | 
O’Connor says Champion has | 


been outsourcing much of its | 


IT infrastructure to iWork 


since its previous incarnation | 


as a services firm. “They’re a 
solid company and they’re ex- 
perienced in delivering system 
solutions,” he says. D 





Scheier is a freelance writer in 
Boylston, Mass. 


which uses XML connectors to link dis- 
parate applications and data sources. 


| Like iWork, it provides both an integra- 


tion hub and tools to model the connec- 
tions needed among business partners. 


Mercator Software Inc. 
Wilton, Conn. 
www.mercator.com 


Mercator's Commerce Broker software 
can design, implement and manage in- 
terfaces for manufacturing and other 
business-to-business transactions. It in- 
cludes the ability to define and manage 
partner relationships, as well as archive 
and audit transactions. 

- Robert L. Scheier 
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Windows 2000 enhances storage 
Compag Integration2000 delivers enterprise 


e-commerce Solutions management, disaster recovery 


Integrating enterprise applications tomers | 
got a boost with Compagq's Integration2000. ; : ; ; : 

he initiative helps solve the largest, most Microsoft Windows 2000 features that fine-tune how information 
difficult business integration problems. ; a ; ‘ 
www.windows2000advantage.com/pov/ is stored, distributed, backed up and recovered in an enterprise- 


12-11-00_integration.asp class data center are making life easier for users such as Ryan 
Cloyd of EDS. 


2 in as For the full story, visit: www.windows2000advantage.com/ 
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Understanding Commerce Server 2000 

Released ~ general Fae eng 

icrosoft Commerce Server pro- 

vides the foundation for the development 

on deployment of e-commerce Web NE WS > 

sites. . s 

www.windows2000advantage.com/tech_edge/ Report says Windows 2000 servers featuring 


01-22-01_commerce_2000.asp 99.964 uptime 


' Following up on an earlier report that said dot-com users were 
Q & A responding favorably to Microsoft Windows 2000, the Aberdeen 
Aberdeen Group analyst says Windows Group has issued a new report in which users are certifying high 


2000 ready for reliability prime time reliability and scalability with their Windows 2000 systems. 
Tom Manter, research director at the 

Aberdeen Group, finds that dot-com and at : 

peed ad veciss gs nibh = sh poe gl For the full story, visit: www.windows2000advantage.com/ 
choose Microso indows over 

Windows alternatives. news/01-29-01_aberdeen.asp 

www.windows2000advantage.com/qa/ 
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Rapid Economic Justification methodology paves way 
for Windows 2000 


COLUMNS 


Avoid the ostrich approach to security 
Amazingly, many companies still take an 
apathetic approach to security because they 
don't believe a security disaster will ever 


happen to them. Columnist Olivier Thierry ; - 
begs to differ. IT executives hear a lot these days about total cost of owner 


www.windows2000advantage.com/columns/ ship, especially as their organizations expand into the realm of 

orn ereee global e-commerce. For some companies, becoming established 
as a Solid Internet presence in addition to being a traditional 
brick-and-mortar business means revamping their technology 


; CASE STUDIES infrastructures. For others it means making measured invest- 


ments in additional hardware and software to supplement legacy 
Seeetias, Sener blazing Commerce systems. Either way, organizations must be prepared to justify 
Before Microsoft's Commerce Server 2000 the cost of expenditures with a solid return on investment strat- 
hit the street, it went through an extended egy that clearly illustrates potential benefits. 
beta testing trial with top-tier companies. Two 
of them, RadioShack.com and Starbucks used 
it to accomplish specific e-commerce goals. For the full story, visit: www.windows2000advantage.com/ 
www.windows2000advantage.com/ : 
case_studies/01-22-01_commerce.asp momentum/01-15-01_rej.asp 


www.Windows2000Advantage.com/300 











MOMENTUM SERIES> 


Dedicated appliance servers provide targeted func- 


tionality, enable Internet infrastructures 

Appliance servers are preloaded, application-specific machines dedicat- 
ed to specific tasks. Dedicated servers are not new, of course — they've 
been around for at least 10 years, traditionally as file and print servers. But 
what differentiates this category is that the vendor optimizes the software 
and the hardware for the particular task at hand and delivers it to the user 
ready to go. 

Previously, customers handled the retrofitting themselves — they would 
take a general server and add hardware and software to turn it into, for 
example, a print server. Or they'd pay a third-party to do if for them. 

Some have called this type of hardware a thin server. But Framingham, 
Mass.-based International Data Corp., research manager Mark Melenovsky 
cautions against that term because it can be confused with a rack-mounted 
server that's less than two inches tall — in other words, something that's 
physically thin as opposed to something that's virtually thin. So he prefers 
appliance server as the name for the application-specific class of machine. 

According to Charles Vallhonrat, marketing manager for Compaq’s 
TaskSmart N-Series Servers. “It's a turnkey solution that does one task 
with great performance. It’s ready to manage and easy to set up right out 
of the box.” 

Appliance servers come in all shapes and sizes, from a low-end Web 
server, selling for about $1,000, to massive processors for load balancing 
that may sell for up to $30,000. 

IDC predicts that revenue from appliance servers will grow from $1.4 bil- 
lion in 2000 to $1077 billion in 2004. (These figures do not include special- 
ized devices used for network-attached storage (NAS), which could be con- 
sidered appliance servers.) In comparison, the overall server market will 
grow from $73 billion in 2000 to $106.7 billion in 2004, according to IDC. 


For the full story, visit: www.windows2000advantage.com/ 
momentum/02-05-01_appliance.asp 








QUOTE OF THE WEEK > 


“You can take Commerce Server 2000 
out of the box, slap a coat of paint on 
its pre-built features and make it do 
what you need to do.” 


— Rob Reed 
manager of Web IT 
Starbucks Direct 


SPECIAL ADVERTISING SECTION 





| etree me Compan te 


What is Windows 2000 Advantage? 


The mission of Windows 2000 Advantage is to become 
your primary source of timely, useful information for planning 
and implementing Microsoft Windows 2000 on Compag solu- 
tions and services. 

Windows 2000 Advantage is a Web-only magazine because 
that lets us bring you, the IT leader, great stories that apply to 
your day-to-day work. We’ll keep you up to date with a weekly 
e-mail alert so you don’t miss a thing. 

Windows 2000 Advantage is underwritten by Microsoft 
and Compag. Its charter is to address the issues that most 
concern IT managers charged with keeping their companies on 
top of the latest and best solutions Microsoft and Compaq 
have to offer. Toward that goal, we offer a wide range of stories 
including case studies, columns and news to provide you with 
information you can't find anywhere else. 


Windows 2000 ADVANTAGE 
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QUICKPOLL > 


Do you feel your IT shop 

is capable of maintaining 

and troubleshooting a 
Microsoft Windows 82% 


_ 2000 Datacenter 


Server installation? 


Cast your vote now at: 
www.Windows200GAdvantage.com/300 _Base: 108 Respondents 











Silicon Mesa 


The Rio Grande Valley of northern 

New Mexico has billed itself as one of 
the hotbeds of high tech. But a closer | 
look finds that the job market may not | 
be nearly as hot as the weather 
outside. By Erik Sherman 


GREAT CLIMATI 
and a relaxed at- 
mosphere might 
sound wonderful 
to someone who's 

been in an IT pressure cooker 

too long. And it would sound 
even more wonderful if the re- 
gion around Albuquerque, 

N.M., could offer plentiful jobs | 

in addition to all of that. After 

all, the area bills itself as the 

Silicon Mesa, an up-and-com- 

ing high-tech job mecca. And 

at first glance, things seem 
promising here. 

It took Rick Crabtree, CIO 
at St. Joseph Healthcare in 
Albuquerque, three months to 
find his most recent new em- 
ployee because experienced 
help is scarce. 

“In the past, we might have 
10 résumés on the shelf — or 
100, depending on what we 
were looking for,” says Crab- 





tree. “Now, we don’t have any.” 
Look a little deeper, though, 
and you might start to wonder 
if the Silicon Mesa name fits. 
According to Crabtree, em- 
ployees in the area are “sitting 
tight” and not changing jobs, 
leaving few openings. Recent 
graduates or people who are 
switching careers with little 
IT experience may not find 
the market as welcoming as 
perceptions would have it. 





It has recently become com- 


mon for geographic regions to 
invent marketing names for 
themselves — most often in- 
cluding words like silicon, dig- 
ital or Internet — to attract 
both employers and person- 
nel; Silicon Alley in Manhat- 
tan is a good example. 


IT professionals should take | 
literal note of the name Silicon | 


Mesa, which refers to the re- 
gion in northern New Mexico 
bounded by Albuquerque, Los 
Alamos and Santa Fe. The job 
market during the next year or 
two is likely to be what the 


name implies: It will largely be | 


built on silicon, and a graph 
representing opportunities in 
the area would be flat, with 
steep drops at the edges. 
“What’s confusing to me, 
there was an article last year 





[in a major newsweekly] that 
showed Albuquerque in the 
top 10 of hiring IT,” says Jerry 
Esch, enterprise information 
systems manager at the Sandia | 
National Laboratory in Albu- | 
querque. “We were mentioned 
ahead of lots of bigger cities. I 
looked at that and was saying, 
‘I’m not sure where they got 
this from.’ Yes, Bill Gates got 
his start here, but Bill Gates is 
gone.” (Microsoft Corp. start- 
ed in Albuquerque.) 

The area can legitimately 
portray itself as a leading tech- 
nology center. 

The Department of Energy 
and the Department of De- 
fense perform much of their 
work at the Los Alamos Na- 
tional Laboratory and at San- 
dia. Sandia spins off many 
companies that commercialize 
the results of its research. In- 
tel Corp. and Philips Electron- 
ics NV have semiconductor 
manufacturing facilities in the 
area. And Honeywell Interna- 
tional Inc. and The BFGood- 
rich Co. together employ al- 
most 2,000 local residents in 
the aerospace industry. 

Unfortunately, the presence 
of high-tech organizations 
doesn’t always mean there are 
a lot of high-technology job 
opportunities. For example, 
Honeywell has 1,500 employ- 
ees, but only 57 work in IT, 
and only eight jobs are open. 

“New Mexico by far always 
had a very slim technical mar- 
ket,” says Thelma Rey, human 
resources director at McBride 
and Associates Inc. in Albu- 
querque. “My experience has 
been that when folks become 
technically competent, they 
find jobs outside the state.” 

Part of the explanation is 
probably the pay, which tends 
to be low compared with 
many other areas. “Anyone 
who does move here will take 
a pay cut,” says John Ortiz, 
vice president of business de- 
velopment at Bency and Asso- 
ciates LLC, a recruiting firm in 
Albuquerque. He estimates 
that salaries are 10% to 45% 
lower than in other areas of 
the country. 

“People don’t usually move 
here for the job opportunities; 
they move here for the envi- 
ronment,” says Ortiz. 

“I think [business] is more 
relaxed and a little bit less 
driven,” says Crabtree, who 
has worked in both Denver 
and Houston. 

According to Randy Burge, 
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executive director of the New 
Mexico Information Technol- 
ogy Group, the region’s IT 
market is still in its infancy. 
That means there is little cen- 
tralized communication, so 
those who need work may 
never hear about positions 
Making this infancy more dif- 
ficult is the nature of the tech- 
nology atmosphere. Spin-offs 
from the labs tend toward 
leading-edge applications, 
such as cluster supercomput- 
ing or advanced modeling and 
simulation. That means state- 
of-the-art technology and soft- 
ware design, so designers and 
developers should have an 
opportunity to hone their 
skills — assuming that they’re 
able to find jobs. D 

Sherman is a freelance writer 
in Marshfield, Mass. 


The Market 


The Silicon Mesa includes the 
middle Rio Grande Valley, near 
the cities of Albuquerque, Santa 
Fe and Los Alamos. 

Top IT jobs: Programmer/analysts, experi- 
enced network administrators 


Top IT skills: Oracle, distributed systems, 
SQL Server 

Major industries: Semiconductor, elec- 
tronics, government 

Salaries: Entry-level C programmer 
$35,000: staff analyst/programmer 
$50,000 to $55,000; senior staff 
analyst/programmer, $75,000 to $80,000 
Oracle database administrator, $50,000 
senior administrator managing others, 


$90,000 to $100,000 


laxed and less hectic than those in major IT 
centers 

The recruiter's view: The Silicon Mesa is 
most hospitable to those who have exten- 
sive IT backgrounds, according to John Or- 
tiz, vice president of business development 
at Bency and Associates. 

“The people who are actually getting jobs 
have a variety of skills [and] a lot of experi- 
ence, five to 10 years minimum.” There's lit- 
tle room for those with no experience. Such 
employees are best off getting early experi- 
ence in state or local government, rather 
than at laboratories or in private industry 

Because the job market is so tight, em- 
ployers can often afford to be picky, so the 
winning edge for candidates is having ex- 
perience in the appropriate vertical indus- 
try. Ajob search can last a couple of weeks 
for someone with a heavy Oracle database 
background or up to six months “for some- 
one who has one [programming] language 
and less than five years’ experience,” Ortiz 
says. If you're thinking of relocating to New 
Mexico, plan on a pay cut of as much as 
45% - without a low cost of living to bal- 
ance it. - Erik Sherman 
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You live in a big city and 
work on a small network. 
How about switching 


that around? 


Talent is the fuel of the new economy. 


IT careers and IT careers.com can put your message in front of 2/3 of all US 


IT professionals. If you want to make hires, make your way into our pages. 


IT CAREERS 


Not a bad trade-off when you consider you'll 
be working on one of the country’s largest 
privately owned computer networks. It also 
happens to be one of Computerworld’s 
“100 Best Places to Work” and ranked #15 
on the Fortune 500 company list. Add to 
that an easy-going lifestyle, a family-friendly 
benefits package, a diverse workplace and 
you'll kick yourself for not having made 
the switch years ago 

Contact State Farm Human Resources 
at jobopps.corpsouth@statefarm.com 
for information about current positions 
Or visit our website ; 


STATE FARM 


statefarm.com 


Fill up with [Tcareers. 


Call Janis Crowley at 
1-800-762-2977 


Computerworld + InfoWorld » Network World + February 12, 2001 
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Software Engineers 


IRIS ASSOCIATES, the creator of Lotus Notes, Lotus 
Domino and Lotus Domino Designer, seeks to fill a 
number of Software Engineering positions at various 
levels of responsibility at our location in Westford, MA 
All positions require a BS degree (or equivalent and 
some require a Masters degree) in Computer Science 
Mathematics or other relevant field, together with at 
least 4 to 7+ years’ relevant experience. 


* Software Engineers (QuickPlace Internals) 

* Software Engineers (Notes Client Editor) 

¢ Software Engineers (Lotus-Iris Products Designer/ 
Server Administration) 

* Software Project Managers (Domino Web Engine) 

* Numerous Other Software Positions at All Levels: 

* Principal, Senior and Entry Level 

Competitive benefits and starting salaries from $57,250 

$102,600, commensurate with the position’s specific 

responsibilities, accompany this exciting high-tech 

environment growth opportunity. 

Please mail or fax your resume, indicating Reference 

Code AIMSP@, to Iris Associates, Attn: Kendra Perry, 





Human Resources, Five Technology 
Park Drive, Westford, MA 01886; Fax: 
978/692-5001. Email: Kendra_Perry@ 
iris.com. Visit: www.iris.com. 


Iris Associates, a subsidiary of Lotus 
IBM, is an Equal Opportunity Smployer 











HELP WANTED 
Inbound Product Marketing Manager — Murray, UT 
Duties 


Manage all aspects of the product life cycle including extensive market 
research, customer profiling, feature productization and product launch 
Work closely with Engineering, actively defining market requirements, 
driving the long-term product roadmap. Work with Sales, Marketing 
Manufacturing and other development functions to bring to market in 
a timely fashion high-quality profitable products for the internet 
ir tructure market. Organize competitive analysis briefs, case studies. 
white papers and necessary collaterals. Interface daily with engineers 
to give customer profiles and product feature information. Also 
responsible for finding and identifying sales channels for emerging 
products technologies. Present products, plans and strategic 
direction to customers, internal organization, channel partners, peers 
and the industry at large. Proactively develop the materials to assist the 
field in their sales. Drive resolution of customer issues. Must have MBA 
with a BS. in a technical field, excellent technical background, good 
project management skills, hands on experience with computer 
networking and communications products and services, comfortable 
with public speaking and be able to present ideas well. 8am-5pm 
Salary: $57k/year 


Send resume to Dept. of Workforce Services, ATTN: Pat Redington 
Job Order #3061167, 140 East 300 South, SLC, UT 84111 








the place where your fellow readers 
are getting a jump 
on even more of 


the world's best jobs. 


Stop in a visit. 
See for yourself. 


| y) Careers.co 














(WEE (WEEKES IT caReEERS WEES 


The ITcareers Achievement Showcase 
creates a special environment that puts 
Niele] ance) em-jc-liml am cal-m-jele)ii(elae 


It's the perfect way to cwlicly honor your IT 

superstars who have been honored for ‘ “8 os 
their technical performance, community x 

service or business achievements. = 4 


Build retention with key employees, give 
candidates an inside look at your 
workplace, make ITcareers your special 
stage for special people. 


Achievement Showcase advertisers eligible 


for special rates and premium placement. 
Find out more. Call Janis Crowley at 


IT, careers 


An IDG Recruitment Solution 


USE OUR PAGES TO SALUTE YOUR eyes 
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Trojan horse: . 


a) method of surprise attack during 
the ‘Trojan War 
b) four-legged animal 
¢) malicious code 
If you picked c, then we may have a job for you. 


CERT® Coordination Center, operated by the Software Engineering Institute 
at Carnegie Mellon University 


Leading organization in computer security response and research. 
Protecting the future of technology and networks. 
Join us: www.cert.org/jobs/ 


Opportunities in research, training, and analysis, among others. Positions 
available in both pacagsaace PA and peimanicetoe DC 


jal Oooorturity Employer. We co not accept resumes f ecruit 


@ fice. com 


High tech jobs online 


NASDAQ: EWBX Sr EARTHWEB SERVICE 


SOFTWARE ENGINEERS 

IT PROJECT ENGINEERS 

SYSTEMS ANALYSTS 
BC, V 3 


MF B 
V sal Ba: 


PROGRAMMER ANALYSTS 
DB ADMINISTRATORS 
ET DMI 


Opportunities with 
ThinkSpark 


BUSINESS DEVELOPMENT 
Successful track record ng 


1-800-762-2977 


WE DO A BETTER 
JOB AT HELPING YOU 
GET ONE. 


careers.com 
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tablished IT consulting firm 
with offices nationwide serving 
leading Fortune 5 
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magic around the 
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fits, Additional Compensation 
for referrals, and Professional 
Challenges with training and 
assignments to keep you at the 
leading edge of technology. We 
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ja EJB, J2EE and ASP, JSP, 
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C/C++, UNIX, HTML, Power 
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SYBASE, ACCESS, PERL 


For career opportunities, visit our 
web site at www.majesco.com. 


Majesco Software, 222W Las 
Colinas Bivd., #539€, Irving, TX 
1039. 


CyberTech Systen 
3 OR 8 Ne 


equal opportur 


Sys.Analyst: Analy’z, devip, instal 
maint'n admMini: 
based/sand-alone db sys w/Aipha 
VB, ASP & Oracle; Troubleshoot 
PC/Mac hw & sw, & custom 
designed applicat'n w/ JCL 
US/ASP. TSOASPF & Oracle/SQL 
Devip document'n for all hw/sw 
install'n. 8-5, 40h/w, $34,639/yr 
BS in computer related field & 6 
mon exp'ce in any posit'n w/Aipha 
4 & Oracle. Resume to Kathleer 
Robbins, Uni. of Cincinnati 3125 
Eden Av. PO Box 670521 


Cincinnati 


isultant, Denver. 
Jesign/develop application 
modifications for JD Edwards 
software using RPG & client 
server technologies. Min req.: 5 
yrs exp. programmer/analyst inc 
2 yrs w/RPG & JD Edwards 
software. $81,500 yr., 40 hr/wk 
Must have proof of legal authority 
tc in the US. App 
resume only t Color 
Department Labor 
Employment 
Jim Shimada 
k Central 
1515 Arapahoe § 
80202-2117. Refer to Job Order 
#JL1117101 


Programmer/Analyst - assist in 
determining user requirements 
writes busines: 
in CO! 
languages ir 
SA environment 
new subroutines or 
programs; increases 
operating efficiency of or adapts 
programs to new requirements 
corrects program errors; prepares 
test data, documentation and 
back-up and tests same. Must 
have documentable ability to 
program in COBOL II, CICS and 
DB2 tc diverse business 
applications. B.A. or B.S. degree 
in computer science, engineering 
or math. hours: Mon. - Fro., 8:00 
A.M 5:30 P.M., Lowell 
Salary: $42-56,500 year, per 
experience. Apply at Ark. Employ. 
Sec. Dept., 1626 S 8 St., Rogers. 
or send 2 resumes to David 
O Box 2981, Little 
72203, job orders 


Trusted by 
aalelecmaliaiale 
managers 


than any IT 


space in the 


IT) careers.com 


(D careers 








"%y 
~ Th 


rey ne enor 


io 


SURE 

NETWORK WORLD, 
COMPUTERWORLD, 
AND INFOWORLD 
ela eum Geom Bre) 


A BETTER JOB. 


Now Let Us HELP 
b (0) Om ©) 5 we OD 
CALL: 

1-800-762-2977 





IT Careers.com 





(iy careers.com @EES IT careers @EES (iy careers.com 





THE WORLD OF Work Is | |2S2:| [Exe 
CHANGING EVERY WEEK. someeenes| [mo 


Oracle ROBMS 





GUI: Wir 

Mainframe 

ERP: Pe 

Internet Applications: ASP. HTM 
Broadv AT UY 

F 

CRM 


DBA 


Unix/NT Administrators. 














ngth of our company is the 
ion of skills and experience 


LUCKILY, WE ARE [OO! 








For the most up to date opportunities 








and coverage, stay tuned in with us. Gace | tee 


Website ERP/CRM: SA 
Applications 
Mainframe: UNIS 
ADABAS, NATURAL 
MIDRANGE: AS40¢ 
Client Server: 

ase 








www.hatcherassociates.con 





It’s Fast. 
It’s Huge. 


IT CAREERS 


where the best get better Worlds & 


1 -800-762 -_929'77 Dimensions. 











IT CAREERS a 











Computerworld * February 12, 2001 





CG careers.com 


(i) careers) 


IT CAREERS (EIS 


|g) Careers.com 





Magnet: 








INFOTECH CONSULTING, INC 
Software Engineers, Develop 
ers, DBA's, Sr. Project Leads 


wa 
Also looking for PRO! 


ANALYSTS 


al Report 
f 


a Bachek 


SENIOR SOFTWARE 
ENGINEER to lead a tez 


jesign, developmer 


5. Require 
valent) 


Software Engineer., Nash 
NH, Analyze & design « 
ts, § & applics 


mputer 
jec 
rograms & 


pimnt 


ye 
and approact 
for bus 


manageability; u: 
Oracle ROBMS, Java-s 
HTML, JavaScript, Sun Solaris 
MS Wir NT. Qualifs: MS ir 


r exper. & Oracle 


Software Engineer, Nashua, NH 
Analyze 

projects, systems 
including an intern 


P.O.Box 


1, NH 03302-0989 


























SOFTWARE ENGINEER 


PROGRAMMER 


] 


RDBMS, JSP. 


Serviets, Enter 


OMT 
£ Jav 
t 2 
Java Swing, Java 
ASP. HTML, Internet 
i ver, Visual Basic 
BEA Weblogic 


facilitate r 
employee relatior 


resume 
134€ Ci 
sira.com. Must refer 


No phone calls 








ftware Engineer 


Applications 
p & coordinate 
installation, implementation and 
maintenance 
quality checks 


applications Visual Basic 


ment Systems. Req: B 
































in U.S. must be state 











(D careers 





y exe 
Nting functional mod 


as FI/CO, MM 
n ABAP progra 


PROGRAMMER/ANA 


Requires 2 


SIGN ENGINEERS 


Jesig 

migration ) 

syste Metapha 2.x/3.x 
ackground on Oracle RDBMS 
required 1 knowledge of 


Windchill ar Enovia is a plus. 
ICAD 


Orientec 


} backg 
AD/CAM/CAE 


1 Mechanical, Electr 

r related field needed 

oSItions. Also available 
in MI, NY, WA, MA.CA and other 
states in US 


Successful candidates must 
have Bachelors or Masters in 
related field. Send resumes 
to HR: 32255 Northwestern 
Highway, Suite 248.Farmington 
Hills, Ml 48334 





40 hrs/wk 
Report/submit resu 

Stratico, Director, Pittsburgh 
Allegheny Co. CareerLink, 42: 
Sixth Ave., Ste. 2200, Pittsburgh 
PA 15219. Web 148040 





f academic cred 
science or a closely 
aid; Must have 
ability t 
juties gained througt 
work experier 
2wor 
000 per year 
Send resu' 
sson, HR General 
Security Systems 
3 Barfield Rd., Atlanta 
Attn: Job RN 


established IT 

at serves lead 

including 174 

f the 500. Witt 

COMSYS, you get: Extensive 

Benefits, Additional Compensatior 
for referrals, and Profess 


Challenges with tra 


signments to kee 








5 IT com 
hiand, MA has 


several senior and entry-level 
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Renaissance offers a wide vari 

of positions for qualified software 
professionals. We offer both full. 
time salaried and hourly consulting 
positions, pre-tax medical insur 
ance, paid vacation, 401(k) flexible 
spending accounts (FSA) and 
Employee Stock Purchase Plan 
(ESPP). Some positions may 
require higher levels of education 
and/or additional years of expe 
rience. For career opportunities 
in your area of expertise and 
specific Renaissance Worldwide 
office contact information, call 
our corporate Recruiting Center 
at: 1-800-248-9119; or visit our 
Web site at: www.rens.com 
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here’s no part of the information technology world that isn’t linked 

to the Internet. It weaves, winds and infiltrates every element of 

software development, architecture and systems being developed 

for the new e-conomy. There are, however, some businesses 
whose specialty is the Internet itself — how it works and what its next 
offspring will be. Here’s a look at some of those companies. 


CSX Technology — Jacksonville, FL 

Most people know CSX as the railroad giant. CSX 
Technology is the information technology shop that 
supports the transportation leader, from providing 

data center management to diagnostic systems for the 
repair of railcars and locomotives. The miles covered 
by the railroad between customer and success depends 
to large degree on the Internet 


Jack Morgan, assistant vice president for human 
resources, says CSX Technology has 560 employees. “Our 
web development projects are partnerships between 
customers, the railroad business and CSX Technology,” 
says Morgan. “We’re developing products that help with 
the exchange of data and information. These products 
include new methods of communicating to our customers 
through shipment tracking, price management and portal 
design to facilitate supply chain management and 


customer interaction 


“As we grow in the internet/intranet area, we need employ- 


ees with great attitudes, experience and an aptitude for mid- 


tier technologies ranging from PL/SQL to Java developers,” 
says Morgan. We use a two-track system that measures not 
just technical competencies but core competencies that 
include accountability, action orientation, integrity/trust, 
teamwork, customer-focus and technical agility. We need 
people who can dea! with change, who have business acu- 
men and project management skills. 


“We can offer a variety of leading-edge technology career 
options,” Morgan adds. “Every CSX employee receives train 
ing annually. In 2000 we finished the year with an average 
of 34 hours per employee. We're a dynamic company that is 
in a growth industry. When you add to these factors the peo- 
ple who work here, it makes for a great place. Here you'll 


find a warm, friendly, fun environment where we work hard.” 


Genuity — Cambridge, MA 

Long before there was an Internet, there was ARPANet. 
The brainchild of technologists at MIT and Genuity, 
then known as BBN, ARPANet exploded in the last 
decade as the Internet, changing the way companies 
work and the way that the world economy takes shape. 


BBN was later acquired by GTE and then was spun off 
as Genuity, when GTE and Bell Atlantic formed Verizon 
It was the first Tier 1 Internet backbone company in the 
world, according to Carolyn Churcher, Genuity's director 
of employment. Today the company is providing services 
to some of the best-known names in the Internet world 
Yahoo!, Earthlink and AOL among them. As part of 

its latest innovation, Genuity rolled out a new product 
known as Black Rocket. “This is a turn-key networking 
solution that can be assembled in just 10 days for a 


customer,” says Churcher. 


In addition to bringing the speed of the Internet to the 
development of a network, Genuity continues to focus on 
the grandchild of ARPANet — 
Internet. “We’ll be hiring 1,000 people in 2001,” says 
Churcher. “In developing a new Internet or extending the 


the next generation of the 


capability of today’s Internet, we need systems adminis- 
trators, network engineers and software engineers.” 


Genuity has offices in the Northeast, the West Coast and 
data centers throughout the United States, offering indi- 
viduals a variety of places to work. Genuity uses UNIX and 
NT skills, as well as standard software and network tech- 
nological skills. “We look for individuals with this techni- 
cal expertise, as well as those who have the ability to grow 
and evolve with this business,” says Churcher. “We're no 
newcomer to the Internet market, and we intend to main- 
tain our position at the top of this business.” 


Net Quotient — New York, NY 

Customers believe in Net Quotient’s ability to provide a 
back-end solution for Internet capability. Similarly, Net 
Quotient's leaders believe in the company’s employees. 
It’s one of the primary reasons employees give for coming 
and staying at the company, which provides technology 
consulting to Global 2500 companies. 


Joan Samaniego, recruiting manager, says that the 
company looks for highly experienced individuals who have 
a single interest — creating the best web-enablement 
backbone possible for clients. “We go to our clients as an 
experienced team with a solution for their technology 
needs,” says Samaniego. “This is a place where you can 


be a big fish in a small, highly talented pool of 
experts, where every opinion counts.” 


Net Quotient began as the technology-consulting arm of 
recruiting firm PenCom. Today, Net Quotient is owned by 
Formula Group, a corporation of more than a dozen 
Internet-based companies, including Applicom, Net 


Quotient’s parent company 


Net Quotient is hiring senior level web architects and 
technical project managers. Samaniego says the com- 
pany also is hiring sales and business development 
people with a talent for creating and maintaining 


relationships with clients of all sizes 


“Candidates want to work here for the people who inter- 
view them and who already work here,” Samaniego adds. 
“We are always hiring, continuously searching for talent- 
ed people. We create positions for people who are right 
for us.” In addition to the NYC office in Silicon Alley, 
Net Quotient has offices in Austin and Dallas, and 
London. Plans include opening offices on the West 


Coast and on mainland Europe 


Worldcom — Atlanta, GA 

Worldcom employs more than 77,000 people worldwide. 
And each of them can quote the future for Worldcom — 
Generation D. The data generation how it works, how 
it thinks and how it operates is the focus of this commu- 
nications giant that began as a local and long-distance 


telecommunications provider 


“We've evolved into much more than a phone company,” 
explains John Adams, regional technical recruiting manager 
for the East Coast. “Our direction today is toward more web 
hosting and the exchange of data and information, in what- 
ever form. We provide web server co-location and support 
administration and monitoring of communication systems. 


“The technological challenge is fantastic,” says Adams. 
“Our size creates a lot of opportunity for those who join 
Worldcom. Here you'll be able to see the global impact of 
what your technology creates. We will be doing a lot more 
to continue to be a pioneer in this business. Here you'll 
work with very talented people, you'll be encouraged to 
push against the status quo, and that means learning and 
growth for you as an individual.” 
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Security 
Hea 


Health care organizations scrambling 
to comply with pending HIPAA rules 


BY JULEKHA DASH 
NEW ORLEANS 
ITH NEW 
ernment regula- 
tions looming, 
upgrading secu- 
rity has become the top priori- 
ty this year for health care IT 
departments. 

The 20,000 attendees at the 
Healthcare Information and 
Management Systems Soci- 
ety’s (HIMSS) annual confer- 
ence here last week debated 
everything from reducing 
medical errors to deploying In- 
ternet technologies. But ses- 
sions on the Health Insurance 
Portability and Accountability 
Act (HIPAA) drew the largest 
crowds. At one session, guests 
spilled out into the hallway. 

“HIPAA is much bigger in 
magnitude than Y2k and is 
larger in scope because it’s not 
a one-time thing,” said Solo- 
man Appavu, director of sys- 
tems planning at Cook County 
Hospital and Cook County Bu- 
Health 


gov- 


reau of Services in 
Chicago. 

Lawmakers _ released 
HIPAA _ regulations, 
Congress passed in 1996, in 
several stages last year. In 
essence, the regulations 
quire health care organizations 
to protect the privacy and se- 
curity of confidential health 
information and call for stan- 
dard formats electronic 
transactions. 

Since the HIPAA regulations 
require heightened security 
measures, Bryan Bayley, pro- 
gram manager at Carl T. Hay- 
don VA Medical Center in 
Phoenix, said he’s looking for 
an alternative to password pro- 
tection, such as biometric au- 
thentication, which involves 
scanning a person's eye or fin- 
ger before before granting ac- 
cess to protected information. 


the 
which 


re- 


for 


Many health care companies 
are preparing for the regula- 
tions by changing their exist- 
ing policies and procedures. 


| Sparks Health System in Fort 


| created a 


Smith, Ark., for example, has 
policy education 
committee to assess its readi- 
ness for HIPAA, said Karen 
McPherson, director of infor- 
mation systems. To start, the 
committee has asked an attor- 
ney to draft a letter for vendors 


| to sign to show that they are 


HIPAA-compliant. 
As health care organizations 
their into 


pour resources 


| Continued from page 1 


Health Care 


recognize if a physician has 


prescribed the wrong drug for 
| a patient. By this summer, the 
| group plans to have a Web site 
| that hospitals can use to report 
| their safety performance, said 





| agement 


Leapfrog Executive Director | 


Suzanne Delbanco. 

“What companies want is in- 
dustrial-strength quality man- 
applied to health 
care,” said Arnold Milstein, 
national health care thought 


The Leapfrog 
Group 


Sixty Fortune 500 companies, 


including GM and Boeing, have 


formed The Leapfrog Group to 


help reduce medical errors. 


|= The group plans to survey hospitals 


in May to see if they use computerized 


| physician order entry systems and oth- 


er safety devices. 


summer to let hospitals report their 
safety performance. 


| Systems 


NEWS © 


HIPAA, other projects, such as 
Internet initiatives, will likely 
take a back seat this year. Al- 
two-thirds of respon- 
dents to this year’s HIMSS 
leadership survey said their 


most 


top priority is upgrading secu- 
rity on IT systems to meet 
HIPAA requirements. 

“HIPAA will have a continu- 
ing dampening effect on health 
care IT innovations,” said Sim- 


| mi Singh, a vice president in 


the health care group at Inter- 
net services firm SeraNova 
Inc. in Edison, NJ. 

But Walter Menning, HIMSS 
board chairman and vice chair- 
man of information systems at 
the Mayo Clinic in Rochester, 
Minn., said the survey results 
revealed not so much a declin- 


leader at New York-based hu- 
man resources consulting firm 
William M. Mercer Inc. and 
one of Leapfrog’s founding 


members. “In most other in- 


dustries, customers are better 
treated. ... There are econom- 
ic efficiencies.” 

Attendees at the Healthcare 
Information and Management 
Society conference 
last week in New Orleans said 
the industry is already taking 


| steps to reduce medical errors 
| through the use of technology. 


But when big companies such 
as GM and Kodak get involved, 


| that applies more pressure and 
| provides further incentive to 


the health care industry to “al- 
ter the way it works,” said 
David Ashbach, medical direc- 


| tor at Nephrology Specialists 


PC in Gary, Ind. 
Martha Laba, 


assistant vice 


| president of patient care ser- 
| vices at Crittenton Hospital in 


Rochester, Mich., said she and 


| six colleagues attended last 


week’s event to seek systems 


| that could reduce errors. 


But Gary Jump, vice presi- 
dent of information systems at 


| Our Lady of the Lake Regional 


Medical Center in Baton 


| in December 
| vealed that as many as 98,000 
| Americans die each year from 
| preventable 


| are 
| tempts to use IT to improve on 
| those statistics. 


‘lop Concern as 
Ith Care Regs Loom 


ing interest in Internet initia- 
tives as a shift in priorities 
caused by looming deadlines 
for HIPAA compliance. 

Late last year, former Presi- 
dent Bill Clinton announced 
the final HIPAA privacy rules 
[News, Jan. 1]. Most organiza- 
tions will have two years to 
comply. Failure to do so could 
result in civil and/or criminal 
fines, as well as jail time. The 
final security rules are due the 
middle of this year. 

However, Bill Braithwaite, 
senior adviser on health infor- 
mation policy at the U.S. De- 
partment of Health and Hu- 
man Services, said health care 
organizations will be asked for 
ongoing feedback. 

“It’s not a one-time deal. We 


Rouge, La., said smaller hospi- 


| tals, which already face tre- 
| mendous cost 
| would have little financial in- 
| centive to comply with Leap- 
| frog’s mission. “How can you 


pressures, 


add more criteria [to measure 
quality] that is costly? How 
much more can hospitals ab- 
sorb?” said Jump. 

Using technology to reduce 
medical errors has been the fo- 
cus of widespread discussion 


| in the health care industry 
| since the Institute of Medicine 


in Washington released a study 
1999 that re- 


medical errors. 
And beyond Leapfrog, there 
individual corporate at- 


Take GM. First, as a member 
of Leapfrog, it wants to help 
consumers make an “informed 


| decision about the plant that 
| they’re getting care from,” said 
| Rob Minton, a spokesman for 
| Detroit-based GM. 
| cess to data on medical errors, 
| for instance, consumers will be 


With 


ac- 


able to use that information as 


| . . . . 
| a criteria in selecting care 


| liance 





Getting Ready 
How has your organization 
complied with the Health 


Insurance Portability and 
Accountability Act? 


54% 


Installed security 
technologies 
Assessed organiza- 
re} 
53% tional compliance 
Documented 
security policies 


47% 
34% 
32% 


Hired security officers 


Implemented security 
procedures 

Hired a vendor to 
assess readiness 


16% 
14% 


Haven't begun yet 


will be revising these stan 
dards, and you will be affecting 
those standards on an annual 
basis,” Braithwaite said. D 


providers. “A lot of folks proba- 
bly put more time in picking a 
car than in [choosing] a health 
group,” said Minton. 

In addition, three weeks ago, 
the company announced that it 
had formed a three-year al- 
with Hillsboro, Ore.- 
based health care vendor Med- 
scape Inc. to promote the use 
of handheld computing 
vices among 5,000 physicians 
who treat GM employees and 
their dependents. GM spent 
$4 billion last year insuring 
1.2 million employees and de- 
pendents covered under 134 
health maintenance organiza- 
tions, said Minton. 

With mobile devices, physi- 
cians can quickly obtain infor- 
mation on drug interactions 
and patients’ medical histories, 
thereby lowering the risk that 
they will prescribe the wrong 
drugs, said Minton. In addi- 
tion, doctors can see whether a 
patient’s health insurer covers 
a particular drug, prior to pre- 
scribing it. 

GM hopes to arm the first 


de- 


| group of physicians with wire- 


less devices by midyear, al- 


| though it has yet to select the 


Cities it will target. D 
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FRANK HAYES 


THE BACK P. 


FRANKLY SPEAKING 


Out With the Old 


EAR JEFF SHEAHAN: Thanks for taking the time to 
write to Computerworld about my column on 
Egghead.com’s security problems [Frankly Speaking, 
Jan. 14]. As CEO of Egghead.com, you must have been 
busy working to win back the trust and support of your 
customers while I was writing the column, which I guess is why 
your PR people refused to let me talk with you. 
I notice that in your letter [News Opinion, Feb. 5], you don’t re- 
peat your previous claim that no customer data was compromised 
in the Egghead.com break-in. That’s a wise choice, since some of your 


customers whose credit card numbers were 
stolen believe they couldn’t have come from 
anywhere besides Egghead.com. 

At least, that’s what they've written to tell me. 

I’m also happy to hear you're looking into 
every customer claim of possible fraud. Lots 
of your customers say they feel like they’ve 
been ignored. Some say they heard about the 
break-in only from news accounts or their 
credit card companies, even 
though Egghead.com has their 
e-mail addresses on file. 

Your customers would rather 
hear the news from you, Mr. 
Sheahan. They’re your allies, 
not your enemies. They want to 
be able to trust you. Even finding 
out about the security breach in a 
form letter would have been bet- 
ter than learning about it from 
the newspaper — or while trying 
to use a credit card in a restaurant. 

And I'm very glad to know 
you're taking additional steps to 
secure your systems. When it 
comes to customer data, there’s 
no such thing as too much securi- 
ty. So in the interests of better se- 
curity, let me repeat one recom- 
mendation I made in that column 
last month. 

Get those old customer ac- 
counts — the ones that haven't 
been active for a year or more — 
off your live systems. 

Purge them. Roll them off. Fil- 
ter them out. They’re a security 
risk, a disaster waiting to happen. 

Your regular customers expect you to have 
their information online. That’s what personal- 
ization is all about. But customers who haven't 
recently bought anything from Egghead.com 
don’t expect you to have that information on 
your live systems. Many of them don’t want it 
on your live systems. 

Sure, it’s a lot more convenient to treat all 


Old customer 
data isn’t 
safe and 

it isn’t 
reliable. 


customer information the same way — ina 
single database, instantly accessible to cus- 
tomers and customer service and accounting 
and everyone else in your organization. 

It’s convenient, yes. But it’s not as safe. 

Besides, keeping old data online makes no 
sense in terms of personalization. That is why 
you're keeping that data online, right? Person- 
alization is about customer preferences. If 
you haven’t had contact with a 
customer in a year or more, why 
assume his preferences are still 
the same? 

Customers move. Their e-mail 
addresses change. They decide to 
use different credit cards. Most 
important, their product needs 
and preferences shift. You can’t 
do personalization with year-old 
data. That’s ancient history in 
this business. 

Which means that old cus- 
tomer information isn’t safe and 
it isn’t reliable for personaliza- 
tion. It shouldn’t be on your live 
systems. 

Yes, you have to keep those 
transactions on file. The IRS, the 
SEC or your accountants may 
need to see those records, and 
you're legally required to pre- 
serve them. But not connected 
to the Internet. You don’t even 
need them in live databases — 
they’re perfectly safe in off-line 
storage, sitting in some secure 
records vault where crackers and 
other bad guys can’t get at them. 

So get them off your live systems. That won’t 
solve all your security problems — or your is- 
sues of customer trust. 

But it’s a good start. D 


Hayes, Computerworld’s senior news columnist, has 
covered IT for more than 20 years. Contact him at 


| frank_hayes@computerworld.com. 
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ICE STORMS blow through 
Midwest town, taking out power 
for up to three days. Manager 
instructs Web developer pilot 
fish that next time storms hit, 
he should “add a section to our 
Web site, telling people how 
much longer their power will be 
off.” “I've created the system,” 
the fish reports, “but anyone 
who needs the information won't 
have any power to turn their 
computer on!” 


MAINTENANCE programmer 
pilot fish gets a 3 a.m. call from 
a user with a problem: System 
won't reboot, and “a big red light 
inscribed ‘Disk Failure’ was 
glowing.” That's a hardware 
problem, says fish - you should 
call our hardware support guy. 
Can't you come fix it anyway? 
asks user. “His reason?” says 
fish. “He likes me better than 
the hardware guy.” 


Y2K: STILL COUNTING The 
systems are all upgraded to 
four-digit years, but this user's 


| getting errors. Are you sure 


you typed in four digits? IT 
pilot fish asks. Yes, user says. 
“| put in four digits: 0001.” Fish’s 


| dilemma: “Do we change the 
system to keep data back that 


i 


— 


far or just try and fix the user?” 


PILOT FISH GETS CAUGHT 
in a wave of layoffs, and, for 
security, the company changes 
passwords to its Internet-acces- 
sible site. But no one remembers 
to shut off the fish's company 
e-mail account. “Of course, 

they broadcast the new pass- 
words to all employees’ Internet- 
accessible e-mail accounts,” 
says the fish. “Including mine.” 


WHAT’S SHAKIN’? User com- 
plains her laser printer output is 
too light to read easily. For now, 
says IT support fish, just shake 
the toner cartridge to redistribute 
toner; he'll have to order a fresh 
one. User tries it, reports back 
that it didn’t help much. Fish 
arrives on-site to help. He opens 
the printer cover and removes 
the cartridge to give it a shake. 
Oh, says user. “I didn’t know you 
could take it out. I've been shak- 
ing the printer.” 


Shake things up with your own 
true tale of IT life: sharky@ 
computerworld.com. You get 
a snazzy Shark shirt if your story 
sees print — or if it shows up in 
the daily feed on the Web at 
computerworld.com/sharky. 
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¥ in ‘Atlanta 1S | 


about to go down, theres printer 

backup in Baltirnove and an accoutant 

in Chicago is about to make level 3 
of tne game "Tomb Pirate’. z 





We'te lighting that campfire, Don, by building the new, high-performance Internet — the Local 


Internet. Bringing the speed, reliability and capacity of the Optical Internet closer to 


business networks. By not only shattering the bandwidth bottleneck, but also 


with an industry-leading portfolio of Local Internet solutions that offers next-generation capabilities, 


processing power and intelligence. Enabling service providers to deliver and manage — whether N ORT & L 


wired or wireless — profitable new eBusiness applications and services. So come together, right now 


with Nortel Networks™ And make the Internet whatever you want it to be. nortelnetworks.com N ETWOR KS 








Pe 


Virus Protection by Symantec. 


Symantec Virus Protection solutions shield your network at every vulnerable point—tfirewall, gateway, file and mail servers, all the way to the desk 


platforms than any other software. Plus, our Digital Immune System ™ automatically eradicates new viruses before they can spread. To find out more 
visit www.symantec.com/ses or call 800-745-6054 x9AZ1. And put a powerful security force to work for you. 
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